Cannot lookup public key for kid
-
Hello,
I'm on FusionAuth version [1.20.1] launched with provided docker-compose.yml
After a successful login my backend service looks at the JWT and wants to verify the token by retrieving the corresponding public signing key. The JWT header says:
{ "alg": "HS256", "typ": "JWT", "kid": "52d751231" }
But looking that key up results in Not Found
curl -i http://localhost:9011/api/jwt/public-key?kid=52d751231
HTTP/1.1 404
But the kid mentioned above matches the Default signing key listed under http://localhost:9011/admin/key/ in the admin interface.
Am I doing it wrong? How can I get the public signing key?
-
@me found the missing piece here https://fusionauth.io/community/forum/topic/404/
One has to generate a JWT signing key pair on the FA application in question.
-
Yup, you got it!
And also HMAC keys will never be displayed in the public-key list. Since they are symmetric, displaying them in that list would let anyone viewing them sign JWTs indistinguishable from those signed by FusionAuth.
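The check a backend should run before calling the public-key endpoint, as an added example that is not from this thread or from FusionAuth: it reads the JWT header, refuses to look up a public key for an HS* kid (the 404 in the question is expected there), and only queries the public-key endpoint for RS*/ES* keys. The `public_key_lookup` function, the secret and the tokens are constructed stand-ins so the block runs offline.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[0]))

class KeyNotPublic(Exception):
    """The token's alg is symmetric, so no public key exists for its kid."""

def resolve_verification_key(token, public_key_lookup, hmac_secrets):
    """Choose key material for `token` from its header (constructed helper).
    public_key_lookup(kid) stands in for GET /api/jwt/public-key?kid=...
    and returns a PEM string, or None for the 404 seen in the question.
    hmac_secrets maps kid -> shared secret the backend was given out of band."""
    hdr = jwt_header(token)
    alg, kid = hdr.get("alg", ""), hdr.get("kid", "")
    if alg.startswith("HS"):
        # Symmetric key: FusionAuth never lists it under public-key, so the
        # endpoint call is pointless.  Either the backend already holds the
        # shared secret, or the application needs an RSA/EC key pair instead.
        if kid not in hmac_secrets:
            raise KeyNotPublic(f"kid {kid!r} signs with {alg}; no public key exists")
        return "hmac", hmac_secrets[kid]
    if alg.startswith(("RS", "ES")):
        pem = public_key_lookup(kid)
        if pem is None:
            raise LookupError(f"no public key for kid {kid!r} (endpoint returned 404)")
        return "public", pem
    raise ValueError(f"unexpected alg {alg!r}")  # never let the header pick the algorithm

def sign_hs256(header: dict, claims: dict, secret: bytes) -> str:
    # Builds a constructed HS256 token so the checks above can run offline.
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes) -> bool:
    head, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{payload}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))
```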