这里需要注意 client一般默认一种加密方式（RS256) 我是修改源码之后才能使用PS256

package org.keycloak.keys.loader;import org.jboss.logging.Logger;
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.KeyType;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.keys.PublicKeyLoader;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.protocol.oidc.utils.JWKSHttpUtils;
import org.keycloak.representations.idm.CertificateRepresentation;
import org.keycloak.services.util.CertificateInfoHelper;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.util.JWKSUtils;
import org.keycloak.util.JsonSerialization;import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;/*** @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>*/
public class ClientPublicKeyLoader implements PublicKeyLoader {private static final Logger logger = Logger.getLogger(ClientPublicKeyLoader.class);private final KeycloakSession session;private final ClientModel client;private final JWK.Use keyUse;public ClientPublicKeyLoader(KeycloakSession session, ClientModel client) {this.session = session;this.client = client;this.keyUse = JWK.Use.SIG;}public ClientPublicKeyLoader(KeycloakSession session, ClientModel client, JWK.Use keyUse) {this.session = session;this.client = client;this.keyUse = keyUse;}@Overridepublic Map<String, KeyWrapper> loadKeys() throws Exception {OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientModel(client);try {logger.debugv( "oidc advancedConfig is {0}", JsonSerialization.writeValueAsPrettyString( config ) );} catch (Exception cause) {}if (config.isUseJwksUrl()) {String jwksUrl = config.getJwksUrl();jwksUrl = ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), jwksUrl);JSONWebKeySet jwks = JWKSHttpUtils.sendJwksRequest(session, jwksUrl);return JWKSUtils.getKeyWrappersForUse(jwks, keyUse);} else if (keyUse == JWK.Use.SIG) {try {CertificateRepresentation certInfo = CertificateInfoHelper.getCertificateFromClient(client, JWTClientAuthenticator.ATTR_PREFIX);KeyWrapper publicKey = getSignatureValidationKey(certInfo);return Collections.singletonMap(publicKey.getKid(), publicKey);} catch (ModelException me) {logger.warnf(me, "Unable to retrieve publicKey for verify signature of client '%s' . Error details: %s", client.getClientId(), me.getMessage());return Collections.emptyMap();}} else {logger.warnf("Unable to retrieve publicKey of client '%s' for the specified purpose other than verifying signature", client.getClientId());return Collections.emptyMap();}}private static KeyWrapper getSignatureValidationKey(CertificateRepresentation certInfo) throws ModelException {KeyWrapper keyWrapper = new KeyWrapper();String encodedCertificate = certInfo.getCertificate();String encodedPublicKey = certInfo.getPublicKey();if (encodedCertificate == null && encodedPublicKey == null) {throw new ModelException("Client doesn't have certificate or publicKey configured");}if (encodedCertificate != null && encodedPublicKey != null) {throw new ModelException("Client has both publicKey and certificate configured");}//here ...................
//        keyWrapper.setAlgorithm(Algorithm.RS256);
//注意这里keyWrapper.setAlgorithm(Algorithm.PS256);keyWrapper.setType(KeyType.RSA);keyWrapper.setUse(KeyUse.SIG);String kid = null;if (encodedCertificate != null) {X509Certificate clientCert = KeycloakModelUtils.getCertificate(encodedCertificate);// Check if we have kid in DB, generate otherwisekid = certInfo.getKid() != null ? certInfo.getKid() : KeyUtils.createKeyId(clientCert.getPublicKey());keyWrapper.setKid(kid);keyWrapper.setPublicKey(clientCert.getPublicKey());keyWrapper.setCertificate(clientCert);logger.debug("getSignatureValidationKey * * * get the kid"+kid+"keyWrapper"+keyWrapper.toString());} else {logger.debugf( "encodedPublicKey is %s", encodedPublicKey );PublicKey publicKey = KeycloakModelUtils.getPublicKey(encodedPublicKey);logger.debugv( "public key algo", publicKey.getAlgorithm() );// Check if we have kid in DB, generate otherwisekid = certInfo.getKid() != null ? certInfo.getKid() : KeyUtils.createKeyId(publicKey);keyWrapper.setKid(kid);//注意这里keyWrapper.setAlgorithm( Algorithm.PS256 );keyWrapper.setPublicKey(publicKey);}return keyWrapper;}}

client配置

公钥私钥生成

        RSAKey privateKey = new RSAKeyGenerator(2048).algorithm(JWSAlgorithm.PS256).keyUse(KeyUse.SIGNATURE).keyID("client-PS256").generate();RSAKey publicKey = privateKey.toPublicJWK();

私钥

{"keys": [{"p": "77_7i2uGN6RxaCU6m217guw2gdLeknEbi34IeJpvK5xqufrs00aMCqnCXwWAEsqCm3CmITdhTPNZSemETcsouW82NiHQ_cbI7agNpAaTU6kRdzaOVyJSJgs-pmxgFMbgkBmIHZbbtdrpIykTHlhmilPnRhQvwN3N_7eymmbXPe0", "kty": "RSA", "q": "nbVbCk7BMP1syPPR0IUbDwYmLkFnUL6TXgXA4o-3IIdP-bFJKc2ONTxtsLl-Q-H2dDKugjHe-AyVvVRmiMUna2VVEUbG3I6z0mvok19fC9Gd7kCalJuXfNBnJVyoJfCfOmDn3RepYUP7mWUAmlbtMxbud0-F90T60vIgewPN7e0", "d": "COuCJEsUHUcg39kF9S9cTt8GsaxIEP-vqI9GonGz_nC3uBFDRhyqGKj-JWWoG3Vso3i658bnJdMf1aW4KjxJon-D0nfAAZXPUj7OfJZ__D874BKRSg9NqE7uubsU3ByPvLVexqsGAy4tRCM14zwXpNM_YAe0z7c4tmSrDmUdFZUpt8YhL33jPi5KDaxtEdMrbL2OKIdrolJjJnX7loVJcSneM7bXvx-6ieDfO8HgMlmnpik3t_9HVeJ1-o30ndv5KsVG1i7NtTDgAGTqbInHD7WdRLIzgTbXTmoAWY4ccHeDNzh6S_9jKk_sQE9A1oLFUmL-7qtk8qnl9ZBDoxGIYQ", "e": "AQAB", "use": "sig", "kid": "client-PS256", "qi": "AiADA77A6JGn1iOEd2CM0c17LK6AzpGkVUzMfI_yoIzwpaJh41zd77nO_xe49e0FQNEEIjh__C4svctz7RA_90pteFDQ8TBoSmm8j6Jb-BdaDVIt_Ax77RRAiPD5ZSSqj-XzkjIUCNjghWjDz6H_k1FbcBA-lTBaia1tvioWh7A", "dp": "vue3TBAlgr8Nkqk6XrMyC1E-IeggVKl-DnggFLCcXzShA1CcLavaLU95t6IwlkXs9AsiLgbkEpsfeSxZrnxcBDRbDYWl3b3hFuSfYAHgZFiW0L9_XkC0-xgvHePkKgcmn3fFHBKZBti2lcnKMHqhw_oFiZbfY4r60mma7TmAoQ0", "alg": "PS256", "dq": "O75nNblt8Fwg6OOM2VyDSqa-sgku1WTMuPKfBnUBH76C6olhuQdY1wwEVc1_asHgNla4yzOPTxKdazLdAPUHIOUrW7cfQJCCyLT-T03y2KxZEtfAd4mV0r-0Q3Addvn3qArr61K6ZNF3L74Wg2FozFDkl6g1jN3B00XMTi27xmU", "n": "k7KVREAwJPKOfJC9Q71ZA3MZyZpv2S0wRDtz4wurqu2kNNd33-pIAkUABnSFDWxHdrXF0lL6fBJ558f5ybLk4rXE4dT0UJQLYxjBONoilkOIbZhXvtd-GWRy6bzmuRMBgUzvULTjCXSUpyllche6uStZFMRrlrRaZYGU1K0MNGmC6VzbKyYU8SJg9T9OupdtVSA0zmRtMeI7tk8-vQceonStkNrBklJ_pbqtFh-UpqRlZABJ-UqTNRY3Cm2x8X_QaEzGA-3eeRk4uNLTPVdgOOKven0lZdePRtdCowfXRxVwGrFGINonZn--gqlVc6rqo2KRIJgSTWXndIsb12G9aQ"}]
}

公钥

{"keys": [{"kty": "RSA", "e": "AQAB", "use": "sig", "kid": "client-PS256", "alg": "PS256", "n": "k7KVREAwJPKOfJC9Q71ZA3MZyZpv2S0wRDtz4wurqu2kNNd33-pIAkUABnSFDWxHdrXF0lL6fBJ558f5ybLk4rXE4dT0UJQLYxjBONoilkOIbZhXvtd-GWRy6bzmuRMBgUzvULTjCXSUpyllche6uStZFMRrlrRaZYGU1K0MNGmC6VzbKyYU8SJg9T9OupdtVSA0zmRtMeI7tk8-vQceonStkNrBklJ_pbqtFh-UpqRlZABJ-UqTNRY3Cm2x8X_QaEzGA-3eeRk4uNLTPVdgOOKven0lZdePRtdCowfXRxVwGrFGINonZn--gqlVc6rqo2KRIJgSTWXndIsb12G9aQ"}]
}

request加密

claims

{"aud": "http://localhost:8080/auth/realms/openbanking", "claims": {"id_token": {"openbanking_intent_id": {"essential": true, "value": "64a7d936-c063-45a9-bc81-40e851bc5d30"}}}, "client_id": "client-PS256", "exp": 1581680397, "iss": "client-PS256", "nonce": "SqoQKopVco", "redirect_uri": "http://localhost:8080/v3/hello", "response_type": "code id_token", "scope": "openid accounts", "state": "0nidnhEdvX"
}

header

{"kid": "client-PS256", "typ": "JWT", "alg": "PS256"
}

加密代码

public static void main(String[] args) throws Exception {Provider bc = BouncyCastleProviderSingleton.getInstance();Security.addProvider(bc);String pdpAddress = "http://localhost:8080";String realmName = "openbanking";String clientId = "client-PS256";String redirectClientId = "client-PS256";String clienSecret = "9563616a-31d2-45ce-94a2-c0109963a134";String client_alg = "PS256";String kid = "client-PS256";String openbankingIntentIdValue = "64a7d936-c063-45a9-bc81-40e851bc5d30";String state = "0nidnhEdvX";String nonce = "SqoQKopVco";String uri = "http://localhost:8080/v3/hello";OpenbankingIntentId openbankingIntentId = new OpenbankingIntentId();openbankingIntentId.setValue(openbankingIntentIdValue);openbankingIntentId.setEssential(true);IdToken idToken = new IdToken();idToken.setOpenbanking_intent_id(openbankingIntentId);ClaimsModel claimsModel = new ClaimsModel();claimsModel.setId_token(idToken);Claims claims = new Claims();StringBuffer bufferAud = new StringBuffer();bufferAud.append(pdpAddress);bufferAud.append("/auth/realms/");bufferAud.append(realmName);String aud = bufferAud.toString();claims.setAud(aud);claims.setScope("openid accounts");claims.setClaims(claimsModel);claims.setIss(clientId);claims.setResponse_type("code id_token");claims.setRedirect_uri(uri);claims.setState(state);claims.setNonce(nonce);claims.setExp(new Long(new Date(new Date().getTime() + 5 * 60 * 1000).getTime()).intValue());claims.setClient_id(clientId);JSONObject json = JSONObject.fromObject(claims);String requestObjectClaims = json.toString();BufferedReader reader = new BufferedReader(new InputStreamReader(Thread.currentThread().getContextClassLoader().getResourceAsStream("ps256jwt.json"), "UTF-8"));StringBuilder sb = new StringBuilder();String s; // 依次循环，至到读的值为空while ((s = reader.readLine()) != null) {sb.append(s);}reader.close();String jwks = sb.toString();JWTClaimsSet claimSet = JWTClaimsSet.parse(requestObjectClaims);JWKSet jwkSet = JWKSet.parse(jwks);if (jwkSet.getKeys().size() == 1) {// figure out which algorithm to useJWK jwk = jwkSet.getKeys().iterator().next();JWSSigner signer = null;if (jwk.getKeyType().equals(KeyType.RSA)) {signer = new RSASSASigner((RSAKey) jwk);} else if (jwk.getKeyType().equals(KeyType.EC)) {signer = new ECDSASigner((ECKey) jwk);} else if (jwk.getKeyType().equals(KeyType.OCT)) {signer = new MACSigner((OctetSequenceKey) jwk);}JWSHeader header = new JWSHeader(JWSAlgorithm.parse(client_alg), JOSEObjectType.JWT, null, null, null, null, null, null, null, null, kid, null, null);SignedJWT requestObject = new SignedJWT(header, claimSet);requestObject.sign(signer);
//            logger.debug("**********claims" + claimSet.toString());
//            logger.debug("**********header" + header.toString());
//            logger.debug("**********requestObject" + requestObject.serialize());
//            logger.debug("**********key" + jwk.toJSONString());StringBuffer buffer = new StringBuffer();buffer.append(pdpAddress);buffer.append("/auth/realms/");buffer.append(realmName);buffer.append("/protocol/openid-connect/auth?request=");buffer.append(requestObject.serialize());buffer.append("&client_id=");buffer.append(redirectClientId);buffer.append("&redirect_uri=");buffer.append(uri);buffer.append("&scope=openid%20accounts&response_type=code%20id_token");String path = buffer.toString();
//            logger.debug("**********path" + path);
//            resultMap.put("path", path);System.out.println("path*****" + path);}}

生成授权跳转页面地址

http://localhost:8080/auth/realms/openbanking/protocol/openid-connect/auth?request=eyJraWQiOiJjbGllbnQtUFMyNTYiLCJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiJ9.eyJhdWQiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODA4MFwvYXV0aFwvcmVhbG1zXC9vcGVuYmFua2luZyIsInNjb3BlIjoib3BlbmlkIGFjY291bnRzIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7Im9wZW5iYW5raW5nX2ludGVudF9pZCI6eyJ2YWx1ZSI6IjY0YTdkOTM2LWMwNjMtNDVhOS1iYzgxLTQwZTg1MWJjNWQzMCIsImVzc2VudGlhbCI6dHJ1ZX19fSwiaXNzIjoiY2xpZW50LVBTMjU2IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODA4MFwvdjNcL2hlbGxvIiwic3RhdGUiOiIwbmlkbmhFZHZYIiwiZXhwIjoxNTgxOTIxMTk4LCJub25jZSI6IlNxb1FLb3BWY28iLCJjbGllbnRfaWQiOiJjbGllbnQtUFMyNTYifQ.TqSYiATjGMk_aHxMliYP5jzANnnCOlAjF8H5fG99g9AEPa3asWhAJJVleXoekf5T56PRYWBEqjcTqJDrTYmthTEoSIAgGd7zalztt1TuWa-0FND43VzdsC2CEsh9B7BbNraROVMY1AKBzrPeTeEdgasH-RBVj-f9dQkIhFrJWplmXEZSZ0ZyvvcelWZqklfeSWH_3OCVlmUkf5TxJLtoXpHYlWZOTe_exm-jeKK_jWzuNsBvcAAVnfDG15EgZH6M8buecXtlatnOzM-SKWxPzfxlfg4HX8e8IPkANDoemCpQCZfPvblzHfBOdl0fk5mY9LQpaz-iHgDDCEtlkAIpFA&client_id=client-PS256&redirect_uri=http://localhost:8080/v3/hello&scope=openid%20accounts&response_type=code%20id_token

授权跳转返回 code

{http://localhost:8080/auth/realms/openbanking/login-actions/authenticate?session_code=2iFMm2p6Hk3ynNwaQqDF6MRnoAuMiUn8ltUltgXfCCA&execution=b5a519cd-ce00-48fe-a890-72e4bf7fd5a1&client_id=client-RS256&tab_id=r2S0SP5L16Q
}

http://localhost:8888/v3/hello#state=0nidnhEdvX&session_state=89e57637-5e0d-4f26-b9b2-05b64bdd183a&code=f0b38a8a-1273-4b34-8f21-bbe2e1edbcfd.89e57637-5e0d-4f26-b9b2-05b64bdd183a.840ce672-051a-4630-a4bd-9eff8573ce4d
&id_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJpdmhsSndKdm8xWlNzX1BuTTE0Q1ZFSG5fTUJ3cE5UMkQwSTlFQkFkZEw4In0.eyJqdGkiOiI4NDJjYmNlZS03MGM5LTQ0MzgtOGJhNi1kODhkMzliYmM3YTAiLCJleHAiOjE1OTA3MjIyNTIsIm5iZiI6MCwiaWF0IjoxNTkwNzIxOTUyLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb3BlbmJhbmtpbmciLCJhdWQiOiJjbGllbnQtUlMyNTYiLCJzdWIiOiJmMTUzYmIwZS0wMDczLTQ1ZWMtODU5NC1mMzJjODQ4ZjhmYWIiLCJ0eXAiOiJJRCIsImF6cCI6ImNsaWVudC1SUzI1NiIsIm5vbmNlIjoiU3FvUUtvcFZjbyIsImF1dGhfdGltZSI6MTU5MDcyMTk1Miwic2Vzc2lvbl9zdGF0ZSI6Ijg5ZTU3NjM3LTVlMGQtNGYyNi1iOWIyLTA1YjY0YmRkMTgzYSIsImNfaGFzaCI6IlVmMHNkakVLRHhxSV9EeW4ydmV4RUEiLCJhY3IiOiIxIiwic19oYXNoIjoiZm9GbUZmUWZyTXhLWVpOTnc5SGRRQSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoib3BlbmJhbmtpbmcifQ.RyG8eCt4gCdbC1yTyi69Xl4y3397IWlCkjG0J2LdoSMaLjpi9RBMc9louH1moqfOZewJMhuF27E4DXFFbcT9fiXHLFIfRhWHDRJP5CPKVIyjBMrmF2GiPCsNyCX1cAuINc5WujTKL49xGe1FmhYdkxDxJgnVAqQXab89VXQbRk1sctc2nYGaw6q2I9pOQtivbpYrZfl2Ttegvvq4P3I2L_e3v5XskS4VMxtjAwFWngnHjOXYDLPPLmNY-mwmn-Bvl35BiP2yaq9WQKb0TiUOTnDlX_84HmxFtv6yeE65qUIIr7xcBVvF1P6JmAj2eeC4wNnkc0lN0N8Qm1MTlAOyuQ

authorization_code 获取token (只能使用一次）

client必须切换为

curl --location --request POST 'http://localhost:8080/auth/realms/openbanking/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=f0b38a8a-1273-4b34-8f21-bbe2e1edbcfd.89e57637-5e0d-4f26-b9b2-05b64bdd183a.840ce672-051a-4630-a4bd-9eff8573ce4d' \
--data-urlencode 'redirect_uri=http://localhost:8888/v3/hello' \
--data-urlencode 'client_id=client-RS256' \
--data-urlencode 'client_secret=cd949e24-1c96-4ea4-9cb8-03f61aa6c601'

获取到的token id_token中携带的是授权信息

{"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJpdmhsSndKdm8xWlNzX1BuTTE0Q1ZFSG5fTUJ3cE5UMkQwSTlFQkFkZEw4In0.eyJqdGkiOiIxMmNhZDI0Yy1kMGUzLTQ3YzctOGQwNy0wMGU4ODAyOTg4NWUiLCJleHAiOjE1OTA3MjI3MTUsIm5iZiI6MCwiaWF0IjoxNTkwNzIyNDE1LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb3BlbmJhbmtpbmciLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiZjE1M2JiMGUtMDA3My00NWVjLTg1OTQtZjMyYzg0OGY4ZmFiIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiY2xpZW50LVJTMjU2Iiwibm9uY2UiOiJTcW9RS29wVmNvMSIsImF1dGhfdGltZSI6MTU5MDcyMjM5Mywic2Vzc2lvbl9zdGF0ZSI6IjNjZTkzOTVhLWI3YjQtNGQ2Ni05NjRlLTQ4MzcxMzhmNTFiOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo4ODg4Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoib3BlbmJhbmtpbmcifQ.IafBnpwO0nj6JfLx6QnE-bmMYIlhiSrdY7cVPkh1vk6QQbs1XnBVW8ItBmsNdBjZblycPEUQF9C7Ud3GHwOQroKJn99t-Ytsskvy7crQUBeo0GTpVtpvsM2MLvGgKRWUVH31VVL24z-M5POaBAkNiAsGqcgViQCBApIPUP5qFGoNxbyNZAftEiIX_gvygjqN91Telh5aUflsN8FYssKnbKUnNr4TGFs1avTIDYvXToNJDra99GjydgsLkoRU7kp0pjYX8H-VAxXc9jnqkJphfSzdFsYIkVjmxHhKAAD_3IXKM-83yipR5eq_2uSJq_w4ibExp-N0CyqC71pvt0pSEA","expires_in": 300,"refresh_expires_in": 1800,"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2YmNkZmNkNy1kOTQ2LTRkNzUtYWQxMi1mZjE0ZGYxZTM4MGMifQ.eyJqdGkiOiI5NDUxOTFhOS0zYWEzLTRlYWQtYTcyYi03YWJhZWMxN2M3NWQiLCJleHAiOjE1OTA3MjQyMTUsIm5iZiI6MCwiaWF0IjoxNTkwNzIyNDE1LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb3BlbmJhbmtpbmciLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb3BlbmJhbmtpbmciLCJzdWIiOiJmMTUzYmIwZS0wMDczLTQ1ZWMtODU5NC1mMzJjODQ4ZjhmYWIiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiY2xpZW50LVJTMjU2Iiwibm9uY2UiOiJTcW9RS29wVmNvMSIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjNjZTkzOTVhLWI3YjQtNGQ2Ni05NjRlLTQ4MzcxMzhmNTFiOCIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCJ9.sZFYkOf-KgHlaCbOAOofiIr_Dq5xcqLHgdPGmr9za-8","token_type": "bearer","id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJpdmhsSndKdm8xWlNzX1BuTTE0Q1ZFSG5fTUJ3cE5UMkQwSTlFQkFkZEw4In0.eyJqdGkiOiJjNjZmMDE3Zi05OGU5LTQ5ZjMtOWJkNi1lNGY5OGRhOTE0MjEiLCJleHAiOjE1OTA3MjI3MTUsIm5iZiI6MCwiaWF0IjoxNTkwNzIyNDE1LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb3BlbmJhbmtpbmciLCJhdWQiOiJjbGllbnQtUlMyNTYiLCJzdWIiOiJmMTUzYmIwZS0wMDczLTQ1ZWMtODU5NC1mMzJjODQ4ZjhmYWIiLCJ0eXAiOiJJRCIsImF6cCI6ImNsaWVudC1SUzI1NiIsIm5vbmNlIjoiU3FvUUtvcFZjbzEiLCJhdXRoX3RpbWUiOjE1OTA3MjIzOTMsInNlc3Npb25fc3RhdGUiOiIzY2U5Mzk1YS1iN2I0LTRkNjYtOTY0ZS00ODM3MTM4ZjUxYjgiLCJhY3IiOiIxIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJvcGVuYmFua2luZyJ9.c6n_QfMIlTCoZLoWwxaIrlt4L7qBmS5x91bcU31okW2xMgQsDNP_GBLUEjtIthP8hwtXnOh1UZKxrKxrVae0nxdLFxrZ9-t6FHXBseNRK8-JwWxijdvzSBj6UrAnHeUxDPdWsYF6gLn3_KOCJq0bGkXTPzJ6p0n6gZP-3070vvkrkWmjcTCh3wCrcpEIpI8o5z8QlqHLTbFEg78lkLZKhY8oEQZbIkMKJM3Xkz4lrvRGu3tZIAU3RfyyAwsRXwojwiugeS7GLHrNdoalUiR9oyor3NQ3fUfAASp-opracFKijzjbWxng3xNgkwa9biCBmAMgtiTNFLEOKPKbp9oSVA","not-before-policy": 1590722346,"session_state": "3ce9395a-b7b4-4d66-964e-4837138f51b8","scope": "openid profile email"
}

token解析

curl --location --request POST 'http://localhost:8080/auth/realms/openbanking/protocol/openid-connect/token/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=client-RS256' \
--data-urlencode 'client_secret=cd949e24-1c96-4ea4-9cb8-03f61aa6c601' \
--data-urlencode 'token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJpdmhsSndKdm8xWlNzX1BuTTE0Q1ZFSG5fTUJ3cE5UMkQwSTlFQkFkZEw4In0.eyJqdGkiOiI1MTdjNjQ4MS00ODNkLTRiM2EtODcxYy1jMWNkODQ0M2JkZDkiLCJleHAiOjE1OTA3MjM1NTUsIm5iZiI6MCwiaWF0IjoxNTkwNzIzMjU1LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb3BlbmJhbmtpbmciLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiZjE1M2JiMGUtMDA3My00NWVjLTg1OTQtZjMyYzg0OGY4ZmFiIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiY2xpZW50LVJTMjU2Iiwibm9uY2UiOiJTcW9RS29wVmNvMyIsImF1dGhfdGltZSI6MTU5MDcyMzIyNSwic2Vzc2lvbl9zdGF0ZSI6IjliODg4MDJiLWUxN2YtNDRiNC04NDdkLTU3ZDExOTQ0ZGU2OSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo4ODg4Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoib3BlbmJhbmtpbmcifQ.b8P3gH46pH4fQJgoo4oPyDikGrxljZy_txEiQhPjh7iOivv22HGuqALK4SEmu0SoxaZ7qv4yj-hks0Dbn-RjWUncoLacDHEAXutsLQcE2LDAgEBVKzscpz7Om1cPMUvufH9ruMquohv0n9E-jJ-CBDljynhY12bN_kBKdB_t04rN6ZhqdpxB--vgzPrveXVuW_xzoOwFBswaC7ZsRZSEe77pOIBoZrhEzE-0nQ8VUaUxalNlnXiWJY4xolciqddPZ7iz1Mc6XLi_Q0SoW4Ut5vFpcv8QQDJnfrJSz3GifvFZZeqmuwsmIeUWJ202qqMksW3c-Ka0Uf9jcK1iDtvRLg'

解析完成

{"jti": "517c6481-483d-4b3a-871c-c1cd8443bdd9","exp": 1590723555,"nbf": 0,"iat": 1590723255,"iss": "http://localhost:8080/auth/realms/openbanking","aud": "account","sub": "f153bb0e-0073-45ec-8594-f32c848f8fab","typ": "Bearer","azp": "client-RS256","nonce": "SqoQKopVco3","auth_time": 1590723225,"session_state": "9b88802b-e17f-44b4-847d-57d11944de69","preferred_username": "openbanking","email_verified": false,"acr": "1","allowed-origins": ["http://localhost:8888"],"realm_access": {"roles": ["offline_access","uma_authorization"]},"resource_access": {"account": {"roles": ["manage-account","manage-account-links","view-profile"]}},"scope": "openid profile email","client_id": "client-RS256","username": "openbanking","active": true
}

id token解析

{"jti": "bc4a2dc8-9e8b-4314-8d42-31d7fa9ff3bf","exp": 1590724567,"nbf": 0,"iat": 1590724267,"iss": "http://localhost:8080/auth/realms/openbanking","aud": "client-RS256","sub": "f153bb0e-0073-45ec-8594-f32c848f8fab","typ": "ID","azp": "client-RS256","nonce": "SqoQKopVco3","auth_time": 1590724220,"session_state": "23a61c31-50b4-4ace-92f6-b81028f083c8","preferred_username": "openbanking","email_verified": false,"acr": "1","client_id": "client-RS256","username": "openbanking","active": true
}

keycloak授权流程详解相关推荐

1. 助创cms众筹 php,【教程】助创cms众筹系统完整测试流程详解

   原标题:[教程]助创cms众筹系统完整测试流程详解 这两年提到互联网金融,不得不提的一个词语:众筹.的确相比飘忽不定的股市和频发跑路P2P,众筹具备低风险,收益高,周期短等各方面的优势.为了帮助更多朋 ...

2. 无人机航测流程详解：航线规划、像控点布设、CC刺点建模及CASS成图

   无人机航测是传统航空摄影测量手段的有力补充,具有机动灵活.高效快速.精细准确.作业成本低.适用范围广.生产周期短等特点,在小区域和飞行困难地区高分辨率影像快速获取方面具有明显优势,随着无人机与数码相机 ...

3. 2016年最新苹果开发者账号注册流程详解（公司账号篇）

   随着苹果规定金融/理财类应用需要使用公司开发者账号上传,并进一步加大对此类问题的审核力度,公司开发者账号开始呈现出炙手可热之势! 不过,公司开发者账号的注册流程着实复杂--不仅要填写公司的D-U-N- ...

4. 2016 年最新苹果开发者账号注册流程详解（个人账号篇）

   苹果宣布 Search Ads 重磅上线的同时,也向开发者传达了一个好消息:申请注册 Search Ads 即可获得 100 美元账户余额.虽然竞价广告目前仅限美国区,但此项福利却在中国区引发了一场规 ...

5. IMS AKA鉴权及应用流程详解

   IMS AKA鉴权及应用流程详解 @auth doubleRabbit @date 2017-03-14 目的 了解鉴权及通信类业务相关鉴权算法的概念原理 了解IMS注册流程 了解IMS鉴权流程应用 ...

6. 思科考试注册流程详解----VUE考点现场演示-晁海江-专题视频课程

   思科考试注册流程详解----VUE考点现场演示-5201人已学习 课程介绍         更多课程,请百度搜索"晁海江". 备注:注册过程中,使用的姓名.电话.思科ID等,均是临 ...

7. 2022苹果开发者账号注册流程详解（公司账号）

   公司开发者账号注册流程详解: 一.注册公司账号前需要提供的信息: 1)邮箱,邮箱密码: 2)微信或支付宝或储蓄卡或者信用卡(原来是必须有需要带国际支付能力银行卡(visa银行卡,实际上是转账到国外的苹 ...

8. 跨境电商三单对碰三单申报流程详解

   跨境电商三单对碰三单申报流程详解 概要:三单申报是指"电子订单.电子运单.支付凭证". 1.电子订单: 适合申报企业类型"电商企业.电商交易平台.电商境内代理企业&quo ...

9. Android事件流程详解

   Android事件流程详解 网络上有不少博客讲述了android的事件分发机制和处理流程机制,但是看过千遍,总还是觉得有些迷迷糊糊,因此特地抽出一天事件来亲测下,向像我一样的广大入门程序员详细讲述an ...

10. 基于spark mllib_Spark高级分析指南 | 机器学习和分析流程详解（下）

    - 点击上方"中国统计网"订阅我吧!- 我们在Spark高级分析指南 | 机器学习和分析流程详解(上)快速介绍了一下不同的高级分析应用和用力,从推荐到回归.但这只是实际高级分析过程 ...

最新文章

1. PLSQL连Oracle数据库Could not load ……\bin\oci.dll
2. 双系统启动boot.ini文件的秘密
3. PL/SQL高级编程
4. 宠物龟 扫地机器人_有宠物家庭必选 岚豹扫地机器人太实用了
5. 开发日记-20190906 关键词 当当云阅读 ipad
6. TCL with SNPS get_attributesget_lib_attributelist_attributsreport_attribute
7. Leetcode题解（十七）
8. python制作gif动画_实用的Python（2）利用Python制作gif动图
9. 树莓派安装Ubuntu MATE及ROS系统
10. 信息学奥赛一本通 1079：计算分数加减表达式的值 | OpenJudge NOI 1.5 33
11. RedisConf2018记录--Day 1 sessions
12. 可用于神经网络的一些matlab函数
13. Maven-打外部jar包
14. 国网英语计算机职称考试技巧,计算机职称考试通关的三大技巧
15. Tomcat的设置3——设置虚拟主机
16. 30000台苹果电脑遭恶意软件入侵，包括最新的M1系列！
17. 【可爱甜美圆嘟嘟的孩子壁纸】
18. 实验四 201771010101 白玛次仁
19. android高德地图计算行驶里程,高德地图批量统计驾车轨迹的用时及总里程
20. C语言实例-----五人分鱼

热门文章

1. Windows令牌窃取提权和烂土豆提权学习
2. Windows 实用小工具
3. win10如何禁用\删除讨厌的ff新鲜事（ff新推荐）（flash弹窗广告）
4. c语言中cmp的用法,cMP＋cplay值得一试!（附下载地址和简要使用说明）
5. c语言课程设计报告内容,c语言课程设计报告
6. c语言测试及答案,C语言测试题及答案解析
7. Delphi中TEdgeBrowser控件初探
8. iphone 目录大全
9. iPhone/iPad各种文件路径详解 帮助了解自己的iphone和ipad
10. 破解版超级数据恢复软件-内含已破解注册码