Why not asymetric crypto?

[levino]

I dont get why you rely on a shared secret between SSO server and microservice. Why not use a private Key for the server and the according public key on the microservice?

[robertjd]

Hi @Levino , thanks for the question! The choice as actually up to you, this library supports shared keys, or public/private keys. Please take a look at this test to see how to do asymmetric with RSA:

https://github.com/jwtk/njwt/blob/master/test/rsa.js

Please let us know if this is what you're looking for?