Securing Quarkus services with MicroProfile JWT

In the previous example, we covered how to use Keycloak to authenticate and authorize requests using a bearer token. A bearer token alone, however, is a simplified security scheme, since it relies on exchanging a potentially arbitrary string.

Any client in possession of a valid bearer token can use it to access the associated resources without proving its identity, which can only be verified with a cryptographic key. To fill this gap, we will learn how to use JSON Web Tokens (JWTs), a standard token encoding that carries a JSON payload which can be signed and encrypted. A JWT consists of the following sections:

  • Header: This is a Base64-encoded string and consists ...
