I signed up for Auth0 and created an application and API. The code base we have is okd version JAX-RS and I haven’t been able to use the quickstarts. So I would like to use java-jwt to verify the token in the API.
However, so setup java-jwt you need the public and private key RSA keys.
- Why do I need the to supply the keys? shouldn’t the library get them from the “well-known” urls?
- Why would I need the private key at all to verify jwt tokens?