RSA JWT verification example mentions private key

auth0 / java-jwt

Java implementation of JSON Web Token (JWT)

MIT License

5.85k stars 922 forks source link

RSA JWT verification example mentions private key #189

Closed advoretsky closed 7 years ago

advoretsky commented 7 years ago

usage of the private key in the 'verification' example is confusing:

Algorithm algorithm = Algorithm.RSA256(publicKey, privateKey);
JWTVerifier verifier = JWT.require(algorithm)

lbalmaceda commented 7 years ago

That's because the Algorithm instance is reusable and works for JWT creation as well. The 'signing' sample has the same problem. The readme is meant to be read in order.. You can ignore one of the keys (null) as long as the other is valid. This is explained here.