examples icon indicating copy to clipboard operation
examples copied to clipboard

Published 20 hours ago verified publisher icon serverless

[Auth0 Custom Authorizers] Best practice for storing/accessing public key in production?

Open tonyjmartinez opened this issue 5 years ago • 1 comments
trafficstars

I'm following this example.

What would be the recommended way to store and access the public key in production? Check it in to version control? I know that I can sls deploy, but what if I want to use CI (in this case https://seed.run)?

tonyjmartinez avatar Mar 05 '20 16:03 tonyjmartinez

that is an interesting example there.

the "default" auth0 SDKs download it "dynamically" from https://{AUTH0_DOMAIN}/.well-known/jwks.json.

see Locate JSON Web Key Sets and maybe click through Validate JSON Web Tokens

spawn-guy avatar Apr 30 '20 11:04 spawn-guy