Auth0 Home Blog Docs

If we can not get the private key when use choose RSA256 as JWT signature algorithm

Hi, I’m trying to verify JWT token at server side. And I found a way here https://github.com/auth0/java-jwt. When verify the token, the private key can be null. I’m simply curious how I can get the private key. Or it’s not visible to us. Thanks.

For JWT’s issued by the Auth0 service using the RSA256 approach you will not be able to get access to the private key. This key is specific to your tenant and managed by the service on your behalf so you will not have access to it.

You will only have access to the public key which you can use to validate the tokens.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.