Signing JWT Token in Rule with Tenant's Private Key

calqulate · May 23, 2020, 9:36am

Hello,

In the Redirect from Rule scenario, I understood that we need to sign the JWT token containing information being passed to the SPA. Must we create our own private/public key pair to do so, or can we use the existing Tenant’s private key to sign the token with?

Thank you

thameera · May 24, 2020, 11:59am

Hey @calqulate, the tenant’s private key cannot be accessed for this, so you need to either use your own key pair (in case of RS256) or your own secret (in case of HS256).

konrad.sopala · May 25, 2020, 7:14am

Thanks for providing that knowledge @thameera!