With RS256, if the private key is rotated, can the old public key validate the JWT signature?

I am a freshman, and am reviewing the docs step by step.
Signing Algorithms

Hey @anlexN welcome to the community!

When the private key is rotated, only the linked public keys will work to validate any subsequently minted tokens. To answer your question: no, a pre-existing public key cannot validate any JWT created using the new private key. The statement you’ve pointed out is true because SDKs using RS256 to validate tokens will have access to your tenant’s /.well-known/jwks.json endpoint with the updated public keys.

For example, jwksUri OR issuerBaseURL in express-oauth2-jwt-bearer.

Hope this helps to clarify!

@tyf
thank you very much, teacher! can you also answer my other question?

No problem, happy to help!
