Auth0 Home Blog Docs

Upload my own private key

#1

Couldn’t really understand it from the docs, is it possible for me to provide my own private key/keypair?

My scenario is that we are moving from one Auth provider to Auth0, but in order to support all services that are protected by the this token, I need the signature to match (meaning that they can stil verify the token against the old jwks endpoint)

Is this possible?

#2

Any response on this?

#3

Hi Ore

It is not possible to upload your own private key. However, you should be able to handle this situation with a little programming. Every key has a key identifier. You can create a cache containing keys from both the old and new providers, and verify tokens against all keys in the cache (based on key identifier).

This idea has not been approved by security, I would suggest running it by your security team.

John

#4

Hey John

I’m aware of the ability to add another verification scheme against the new Auth0 token, however we are in a microservice architecture and there are a large number of these services. If I have to go one by one and switch their URL for fetching the public key its going to be a problem