Hey, I am trying to authenticate my user using jwt token signed with RSA key. I have configured the same in my application's jwt section. Now, when I put the encrypted access token to any JWT debugger website like token.dev, I can get the "private key" as well as the "public key" in the JWT signature. Since, this way any one can get the private key and then forge the jwt, I would like to know how we are ensuring the authenticity? Also, is it expected behavior or I am making some mistake? Your help would be highly appreciated.