learn hapi — JWT Verification via JWKS API Endpoint

JWT authentication uses a secret to sign or encrypt the tokens. Using an asymmetric algorithm based on a public/private key pair comes with some benefits. One benefit is that you can share the public key with anyone on the Internet. Of course, you must keep your private key safe and secure.

In the previous tutorial, you created an API endpoint to provide a JSON web key set (JWKS). Based on the JWKS, you can derive the RSA public keys and use them to verify a JWT signature.

This is what you’ll implement in this tutorial: verifying JWTs based on RSA public keys using the API endpoint providing a JWKS. As a result of this implementation, you don’t need to copy or set up key files at the authenticating parties. The API endpoint is the single source of truth!
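
The verification flow described above, as an added example that is not the tutorial's own code, using only the built-in Node.js `crypto` module. The key pair, the `kid` value `demo-key-1` and the function names `signToken` and `verifyToken` are constructed for the example, and the `jwks` object stands in for the response of the JWKS endpoint.

```javascript
'use strict'
const crypto = require('crypto')

// Constructed key pair: the private key stays with the issuer,
// the public key is published as a JWKS entry (assumed kid: demo-key-1).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const jwks = {
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', use: 'sig', alg: 'RS256' }]
}

const b64url = (input) => Buffer.from(input).toString('base64url')

// Issuer side: RS256 signs "header.payload" with RSASSA-PKCS1-v1_5 and SHA-256.
function signToken (payload, kid) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }))
  const signingInput = `${header}.${b64url(JSON.stringify(payload))}`
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey)
  return `${signingInput}.${signature.toString('base64url')}`
}

// Verifier side: needs only the JWKS. Returns the payload or throws.
function verifyToken (token, keySet) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [head, body, sig] = parts
  const header = JSON.parse(Buffer.from(head, 'base64url').toString())

  // Pin the algorithm here; the token header must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg')

  // Select the key by kid, then derive the RSA public key from modulus n and exponent e.
  const jwk = keySet.keys.find((k) => k.kid === header.kid && k.kty === 'RSA')
  if (!jwk) throw new Error('unknown kid')
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' })

  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`), key, Buffer.from(sig, 'base64url'))
  if (!valid) throw new Error('bad signature')

  // Only read claims after the signature check has passed.
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString())
  const now = Math.floor(Date.now() / 1000)
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired')
  return payload
}
```

The verifier never touches the private key, which is why the authenticating parties need nothing beyond the JWKS response.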
