Signing JWT Token in Rule with Tenant's Private Key

Hello,

In the Redirect from Rule scenario, I understood that we need to sign the JWT token containing information being passed to the SPA. Must we create our own private/public key pair to do so, or can we use the existing Tenant’s private key to sign the token with?

Thank you

Hey @calqulate, the tenant’s private key cannot be accessed for this, so you need to either use your own key pair (in case of RS256) or your own secret (in case of HS256).

1 Like

Thanks for providing that knowledge @thameera!