...
The system is in possession of a Public/Private key pair.
The system has a client in Keycloak.
The systems Public Key is registered for the client.
In order to authenticateobtain access tokens from Keycloak, the system must provide a signed JWT (, i.e. JWS) on each access token request to Keycloak.
The system issues the JWS itself and signs it with its own private key.
See also jwt.io for a comprehensive list of software libraries for token signing.
The JWS must have the following fields in the header:
...