keycloak: Invalid signature on token received through docker-v2 protocol

Describe the bug

The token received after authenticating through the docker-v2 protocol within RH-SSO 7.5.0 has an invalid signature per jwt.io.

Version

Keycloak 15.0.1 / RH-SSO 7.5.0

Expected behavior

There should not be an invalid signature error.

Actual behavior

The token received has an invalid signature.

How to Reproduce?

  • Run RH-SSO with docker feature flag enabled.

    standalone.sh -Dkeycloak.profile.feature.docker=enabled

  • Create a client, e.g. docker-registry, in the master realm that supports the docker-v2 protocol.

  • Add a user within the master realm and assign a username and password.

  • Query docker protocol through and obtain access token.

    curl -u "${username}:${password}" "http://localhost:8080/auth/realms/master/protocol/docker-v2/auth?service=${client_id}"

Here is a test token obtained after authentication. Pasting this token into jwt.io shows an invalid signature. I’m not sure if the format is invalid, given that the actual signature verification requires the public key.

eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJISEtUOkNJUUk6NTdIUTpWRkFJOjRUWDI6UURYTjpUQ1Y3OlVRS046VFBBTTpOQ0xVOlhFVE06Q0IyWCJ9.eyJleHAiOjE2NDMxMzczMTcsIm5iZiI6MTY0MzEzNzI1NywiaWF0IjoxNjQzMTM3MjU3LCJqdGkiOiIzYTAwYTRhZS1jNzc2LTQ4NzYtYmI0OC1kYjI0MWE0YzMwN2UiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjoiZG9ja2VyLXJlZ2lzdHJ5Iiwic3ViIjoidGVzdC11c2VyIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiZG9ja2VyLXJlZ2lzdHJ5IiwiYWNjZXNzIjpbXX0.NyJhwRQqaMzP8fOFId-GjFvcR5xy6-QUF54HgLsPM9471ttUjHJFJFcBk00JUk8k_-vO6kn7dHHiO9997ZU11eyHvSZbR0ZJkxo8ZnInWv_9jau2utbb0WnukwflGb5dG91XymKZGGBRlRAHIlBdo8HTmgidR8sVqKeELe53qCjkTcoaf7Gz4oCoAUyudInQ2bfHzHCmDnxKhYe2OlMN15x655ofiB7K_Cg5OqsunjOuY64G3AYzbk0h66Cp75d__Z5hSluxh9XY7X5GBF3OpN5miAJWrZihZVlLKkzQcuikEGMEJA5fkZ43wDqFIqjDvoV9senrgbKmobXMcVumMQ

Anything else?

No response

About this issue

  • State: open
  • Created 2 years ago
  • Comments: 16 (15 by maintainers)
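Whether a docker-v2 token is well-formed can be checked locally, separately from signature verification, which needs the realm's public key. The following is an added example, not code from the issue or from Keycloak: it parses a compact JWS without verifying it and reports structural problems. The function names and the sample token are constructed for illustration, and the `kid` check assumes the key fingerprint format defined in the Docker registry token specification.

```python
import base64, hashlib, json, re

# Docker registry token spec: kid is 12 colon-separated groups of 4 base32 chars.
KID_RE = re.compile(r"^(?:[A-Z2-7]{4}:){11}[A-Z2-7]{4}$")

def b64url_decode(segment):
    """Decode an unpadded base64url segment, as used in compact JWS."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def libtrust_kid(der_public_key):
    """Fingerprint of a DER-encoded public key in the Docker kid format:
    SHA-256, truncated to 240 bits, base32, grouped in fours."""
    b32 = base64.b32encode(hashlib.sha256(der_public_key).digest()[:30]).decode()
    return ":".join(b32[i:i + 4] for i in range(0, len(b32), 4))

def inspect_docker_token(token):
    """Parse a compact JWS without verifying it and list structural problems."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {"problems": ["expected 3 dot-separated segments, got %d" % len(parts)]}
    try:
        header = json.loads(b64url_decode(parts[0]))
        if not isinstance(header, dict): raise ValueError("header is not a JSON object")
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:  # covers base64, JSON and UTF-8 decoding errors
        return {"problems": ["segment does not decode: %s" % exc]}
    problems = []
    if header.get("alg") != "RS256":
        problems.append("unexpected alg %r" % header.get("alg"))
    if not KID_RE.match(str(header.get("kid", ""))):
        problems.append("kid is not a Docker key fingerprint")
    if len(signature) not in (256, 384, 512):  # RSA-2048/3072/4096 signature sizes
        problems.append("unusual RSA signature length %d" % len(signature))
    return {"header": header, "claims": claims,
            "signature_bytes": len(signature), "problems": problems}

def make_sample_token():
    """Constructed token shaped like the one in the report; the signature is
    256 zero bytes, so it parses cleanly but can never verify."""
    header = {"alg": "RS256", "typ": "JWT", "kid": libtrust_kid(b"constructed-key")}
    claims = {"iss": "http://localhost:8080/auth/realms/master",
              "aud": "docker-registry", "sub": "test-user", "access": []}
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc(claims), b64url_encode(bytes(256))])
```

An empty `problems` list only means the token is structurally sound. Comparing `libtrust_kid()` of a candidate DER public key with the token's `kid` shows which key the signature has to be verified against.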

Most upvoted comments

By the way I have to say this it’s stupid that docker doesn’t just use a standard