Where is the RSA public key?

kkrp1 · December 14, 2023, 1:42pm

I’m trying to understand how to validate an RS256 JWT. This guide says I need the RSA public key for this, which I can obtain from application > settings > advanced settings > certificates > signed certificate > public key.

But this field does not exist, at least for me. The fields under certificates that I have are:

signing certificate (contains a cert beginning -----BEGIN CERTIFICATE----
signing certificate fingerprint
signing certificate thumbprint

rueben.tiow · December 14, 2023, 9:06pm

Hi @kkrp1,

Thanks for reaching out to the Auth0 Community!

To verify the signature of a token from one of your applications in RS256,

We recommend that you get the Public Key from your tenant’s JWKS here: https://{yourDomain}/.well-known/jwks.json

Reference:

RS256 vs HS256 JWT signing algorithms

Please let me know if you have any questions.

Thanks,
Rueben

system · December 28, 2023, 9:07pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.