Couldn’t really understand it from the docs, is it possible for me to provide my own private key/keypair?
My scenario is that we are moving from one Auth provider to Auth0, but in order to support all services that are protected by this token, I need the signature to match (meaning that they can still verify the token against the old jwks endpoint).
Is this possible?
It is not possible to upload your own private key. However, you should be able to handle this situation with a little programming. Every key has a key identifier. You can create a cache containing keys from both the old and new providers, and verify tokens against all keys in the cache (based on key identifier).
This idea has not been approved by security; I would suggest running it by your security team.
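The key-selection step of the approach described in the answer above, as an added example that is not part of the original thread and is not Auth0 code. The issuer URLs, `kid` values, key material and the function names `build_key_cache` and `select_key` are constructed for illustration; signature verification itself is left to a JWT library using the returned JWK.

```python
import base64
import json

# Constructed sample JWKS documents: issuers, kids and key material are placeholders.
OLD_ISSUER = "https://old-idp.example/"
NEW_ISSUER = "https://new-tenant.example/"
OLD_JWKS = {"keys": [{"kty": "RSA", "kid": "old-2019", "use": "sig", "n": "<placeholder>", "e": "AQAB"}]}
NEW_JWKS = {"keys": [{"kty": "RSA", "kid": "new-2024", "use": "sig", "n": "<placeholder>", "e": "AQAB"}]}
ALLOWED_ALGS = {"RS256"}  # pinned by the verifier, not chosen by the token header


def build_key_cache(jwks_by_issuer):
    """Index signing keys by kid, remembering which issuer published each one."""
    cache = {}
    for issuer, jwks in jwks_by_issuer.items():
        for jwk in jwks["keys"]:
            if jwk.get("use", "sig") != "sig":
                continue
            kid = jwk["kid"]
            if kid in cache and cache[kid][0] != issuer:
                raise ValueError(f"kid {kid!r} is published by two issuers")
            cache[kid] = (issuer, jwk)
    return cache


def _b64url_json(segment):
    padded = segment + "=" * (-len(segment) % 4)  # JWT segments drop base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))


def select_key(token, cache):
    """Return (expected_issuer, jwk) for a compact JWT, or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = _b64url_json(parts[0])
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    entry = cache.get(header.get("kid"))
    if entry is None:
        raise ValueError("unknown kid")
    issuer, jwk = entry
    # Early reject only: the payload is still unverified at this point.
    if _b64url_json(parts[1]).get("iss") != issuer:
        raise ValueError("iss does not match the issuer that owns this kid")
    # Caller verifies the signature with jwk, then re-checks iss on the verified claims.
    return issuer, jwk
```

Binding each `kid` to the issuer that published it keeps a key from one provider from being accepted for a token that claims to come from the other.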
I’m aware of the ability to add another verification scheme against the new Auth0 token, however we are in a microservice architecture and there are a large number of these services. If I have to go one by one and switch their URL for fetching the public key, it’s going to be a problem.
Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?