You need to sign in or sign up before continuing.
JWT "secret" option should be renamed to reflect the fact that it's a public key
The following discussion from !922 (merged) should be addressed:
-
@cpratt34 started a discussion: (+1 comment) Lets only support one mode
secret
orjwks
.. would add some quick exception handling to validate one is set and not both.Also isn't
secret
here actually a public value? My understanding is that thekey
argument to decode is the public key which validates the issuer signature?