The documentation uses the default .AddJwtBearer() method without any options. However, the JWTs generated are signed and the signature is validated somehow. Wouldn't this require the public key to be stored somewhere for the API to verify the given signature? Where is it stored?
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
ID: f76a2aaf-732a-f686-343b-d811faa43d44
Version Independent ID: f76a2aaf-732a-f686-343b-d811faa43d44
AFAIK (and after going through its sources), the default .AddJwtBearer doesn't issue the JWTs; it only validates them using a given signing key.
Generation of the JWTs is left to another party.
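To illustrate the split described in the reply above (the API only validates, another party issues), here is an added example that is not from the documentation or from this thread. It assumes the external issuer signs with RS256 and that the API has been given the issuer's public key as a PEM file; the configuration keys `Jwt:PublicKeyPath`, `Jwt:Issuer` and `Jwt:Audience` and the `/whoami` route are hypothetical names chosen for the example.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical configuration key: path to the issuer's PUBLIC key (PEM).
// The private key never leaves the issuer, so this API cannot mint tokens.
var pemPath = builder.Configuration["Jwt:PublicKeyPath"]
    ?? throw new InvalidOperationException("Jwt:PublicKeyPath is not configured.");

var rsa = RSA.Create();
rsa.ImportFromPem(File.ReadAllText(pemPath)); // fail at startup on a bad key

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // The key the signature is checked against, stated explicitly.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new RsaSecurityKey(rsa),
            // Pin the algorithm so a token cannot choose a different one.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            // Hypothetical configuration keys for the expected issuer/audience.
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["Jwt:Audience"],
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: reachable only with a token that passes every check above.
app.MapGet("/whoami", (ClaimsPrincipal user) => user.Identity?.Name ?? "(no name claim)")
   .RequireAuthorization();

app.Run();
```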