...
The system is in possession of a Public/Private key pair.
This is the same as the service consumer system’s certificate in 'Serviceplatformen'
The public key must be registered in Keycloak as well
The system has a client in Keycloak with a
client_id.The systems Public Key is registered for the client.
...
jti: JWT ID - Unique identifier for this token.iss: Issuer - Who created the token. (In this case it is theclient_id)sub: Subject - Whom the token refers to. (In this case it is also theclient_id)aud: Audience - What the token is intended for. (In this case it is the keycloak realm info url)iat: Issued at - When the token was created. (seconds since UNIX epoch)exp: Expiration time - When the token expires (seconds since UNIX epoch)nbf: Not valid before - When the token validity starts (seconds since UNIX epoch)
...