Where is the Auth0 public key to be used in jwt.io to verify the signature of a RS256 token?

If the token in question is signed with RS256 then you can quickly obtain the public key to use for validation by downloading it from https://[your_domain].auth0.com/pem. Have in mind this is just a quick shortcut to get to the key and be able to validate tokens in jwt.io. For applications and resource servers that need to validate JWT’s that they receive they should obtain the keys from https://[your_domain].auth0.com/.well-known/jwks.json as the response to that endpoint follows a certain schema that is already supported in many libraries.

7 Likes