Signing keys to sign and verify JWT

[tjhoo]

Hi

In this example, it is not clear to me how to generate and distribute the signing key and place into storage to sign a JWT (on the server) and verify the JWT (on another server).

It would be very helpful to see more detailed steps.

[sergiodxa]

Here's an example on how to get the JWKS from a remote server https://github.com/edgefirst-dev/jwt?tab=readme-ov-file#verify-a-jwt-from-remote-jwks

So your need to expose your signing keys from an endpoint (usually /.well-known/jwks.json) and then use JWK.importRemote to import them.

Below that example there's another one that shows how to expose them.