Closed fourteenminusone closed 6 years ago
Just a friendly reminder: JJWT's GitHub issues are for actionable work that requires changes to the JJWT codebase. Please use StackOverflow with the #jjwt
tag for usability/help questions. Thanks!
As to your question:
Yes, you should verify a signed JWT (aka 'JWS') with the public key, and your code example looks good.
Only the private key should be used to create a JWS, but the public key can be used to verify it.
Hi,
I have a JWT signed with a RSA256 algorithm. What about to validate a JWT like this one? Do I have to use the same statement as the README.md reports, using the public key got from the public certificate used to sign the JWT?
Thank you!