I have been following your posts regarding testing JWT bearer flows with ForgeRock.
From your most recent posts I understood that you used tools like https://kjur.github.io/jsrsasign/tool/tool_jwt.html to generate a signed JWT, and that using tools like https://8gwifi.org/jwkconvertfunctions.jsp you could get the JWK that is to be configured under JWK set under Realms > Realm Name > Applications > Agents > Trusted JWT Issuer.
Currently we tried the following steps and are getting the error ‘JWT Signature is invalid’:
1. Generated example.jks file using keystore command
2. Generated example.cert file using the above example.jks file (RSA algorithm)
3. Generated JWT token using the Nimbus JOSE library (using a Java program)
4. Using your suggestion, retrieved the JWK set from example.cert using https://8gwifi.org/jwkconvertfunctions.jsp
5. Configured the above retrieved JWK set under Realms > Realm Name > Applications > Agents > Trusted JWT Issuer.
6. Invoked the curl command below to retrieve an access token from ForgeRock, which gives the ‘JWT Signature is invalid’ error:
curl --request POST --data "client_id=my-client-id" --data "client_secret=password" --data "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer" --data "assertion=eyJ4NXQjUzI1" --data "redirect_uri=http://www.example.com" http://hostname:port/openam/oauth2/access_token
Since we are getting an error and you are able to test successfully using online tools, we kindly request you to give a few more details on how you could test this flow:
1. Details/example of how you used https://kjur.github.io/jsrsasign/tool/tool_jwt.html to generate a sample JWT
2. How you retrieved the .pem file from the above step so that the JWK is retrieved using https://8gwifi.org/jwkconvertfunctions.jsp
Also please let us know if we are missing any configuration steps.
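
Added example, not part of the original post and not ForgeRock or Nimbus code: an offline check that an RS256 JWT verifies against the JWK set intended for Trusted JWT Issuer, reporting which stage rejects it. It uses Node's built-in crypto in place of the Java signing step; the key pairs, `kid` values, claims and function names are constructed for illustration.

```javascript
// Added example: offline RS256 check of a JWT against a JWK set (names are hypothetical).
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Stand-in for the signing step: build a compact RS256 JWT with Node's crypto.
function signJwt(privateKey, header, claims) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Returns { valid, reason } so a failure says which stage rejected the token.
function checkJwtAgainstJwks(jwt, jwks) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { valid: false, reason: 'not a compact JWS' };
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return { valid: false, reason: 'header is not JSON' };
  }
  // Pin the algorithm instead of trusting whatever the token header asks for.
  if (!header || header.alg !== 'RS256') return { valid: false, reason: 'alg is not RS256' };
  const keys = (jwks.keys || []).filter(
    (k) => k.kty === 'RSA' && (!header.kid || !k.kid || k.kid === header.kid));
  if (keys.length === 0) return { valid: false, reason: 'no RSA key matches kid' };
  const data = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  for (const { kty, n, e } of keys) {
    const pub = crypto.createPublicKey({ key: { kty, n, e }, format: 'jwk' });
    if (crypto.verify('RSA-SHA256', data, pub, sig)) return { valid: true, reason: 'ok' };
  }
  return { valid: false, reason: 'signature mismatch' };
}

// Constructed sample data: two throwaway key pairs, one signer and one unrelated.
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const signer = gen(), other = gen();
  const jwkOf = (kp, kid) => ({ ...kp.publicKey.export({ format: 'jwk' }), kid });
  const jwt = signJwt(signer.privateKey, { alg: 'RS256', kid: 'k1' },
    { iss: 'my-client-id', sub: 'demo', exp: Math.floor(Date.now() / 1000) + 300 });
  return {
    matching: checkJwtAgainstJwks(jwt, { keys: [jwkOf(signer, 'k1')] }),
    wrongKey: checkJwtAgainstJwks(jwt, { keys: [jwkOf(other, 'k1')] }),
    wrongKid: checkJwtAgainstJwks(jwt, { keys: [jwkOf(signer, 'k2')] }),
  };
}
console.log(demo());
```

Running the same check on the real token and the JWK set produced from example.cert separates a key mismatch from a `kid` or algorithm mismatch before anything is configured on the server.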