Hi,
is it possible to use own Signing Key (certificate) to sign JWT tokens?
thanks
Hey there @banto, good question! To answer your question, no, it is not possible to use your own key to sign JWT tokens - these are unique to each tenant and stored in a Key Management System (KMS). This is at its core a security precaution.
…but then I am more doubtful now, as I have seen a case where an Auth0 customer was using the metadata https://customer-domain/metadata/.well-known/jwks.json with its own certificate; i.e. the attribute “x5c” was pointing to their certificate.
So either I am missing something or it is possible to use a custom certificate for signing keys. Can you please double check? Thanks
I double checked internally and the consensus was that what you’ve described isn’t supported - I’d be curious to know if there is somewhere you can point to that shows where this has been implemented? I’m unable to find any documentation whatsoever
As an aside, it is possible to provide a custom cert for SAML connections:
I’ve clarified with the customer and you are right. Their certificate was for another purpose indeed. Otherwise they use the Auth0 cert to verify the token issued by Auth0.
Thanks for following up here