In the Redirect from Rule scenario, I understood that we need to sign the JWT token containing information being passed to the SPA. Must we create our own private/public key pair to do so, or can we use the existing Tenant’s private key to sign the token with?
Hey @calqulate, the tenant’s private key cannot be accessed for this, so you need to either use your own key pair (in case of RS256) or your own secret (in case of HS256).