Node-jwks-rsa: expressJwtSecret: why is it called "secret"?

I am unclear re the expressJwtSecret() secret provider generator. If it’s role is to retrieve a public key - why is it called “secret”? Is there some handling of secrets that I am missing?

Hi @cretaceousflower,

Welcome to the Auth0 Community!

In the case where you are using a public key, it is not actually a secret, and it appears to simply be a naming decision. Here is an example where they are using the public key as the variable for secret: