Hey guys. I have created an Auth0 API so I can retrieve a JWT when passing ‘audience’ while authenticating a user.
I want to add JWT middleware to my .NET WebApi application. I’m following the quickstart provided in my API panel and everything is working fine.
But the quickstart doesn’t specify how I can force my middleware to validate that my JWT has been signed using a specific secret (screenshot).
Are my thoughts right? Or am I missing some pieces of the puzzle, and validation against a specific secret is not required? How can the API then know if the JWT was signed by a valid authority? If it’s required, what is the secret? Is it the secret that I see in my application dashboard?
Thank you in advance :)