Should I explicitly verify Keycloak token or this is done by Keycloak adapter?
问题 There is a Spring-boot REST API, that needs to be secured by Keycloak, the application is using Keycloak-Spring-Security adapter (6.0.1). A call to an API endpoint, carries along the bearer token, obtained from Keycloak (currently through postman). I'm able to perform a successful REST endpoint call, but other thing is troubling me - should I explicitly verify the token against the public key? 1 - Is the adapter performing verification of the token against the public key, or should I