learn hapi — Provide a JWKS API Endpoint

When using JSON web tokens in your application, you need at least a secret key. A shared secret is simple to set up. The downside is that you must share that secret with every party interacting with the JWT, and any party holding the secret can verify tokens and create them.

Going one step further, you can create and use an RSA key pair. The key pair has two components: the private key signs a JWT and the public key verifies it.

In this scenario, the private key is the secret and must never be shared with anyone. The second component, the public key, can be made available to everyone.

This comes in handy because it lets you publish the public key without security concerns. You can create an API endpoint that serves the public keys in a defined format. Services interacting with your platform can then fetch the public keys from this endpoint and verify the JWTs on incoming requests.

Sounds awesome! This is what you’ll build in this tutorial: a JWKS (JSON Web Key Set) API endpoint that serves your application’s public key, which other services can then use to verify JWTs.
