Hey y'all! Client/Server JWT verification question...
# multiplatform
Hey y'all! Client/Server JWT verification question here... So I have created a relatively simple API using Ktor, and am hosting it on AWS. The ".well-known" endpoint returns the JWKS JSON, so I can easily retrieve that in my CMP app, and the API is also returning an RS256 JWT when the user signs in. However, I seem to be finding mixed info on the extent to which I should work to verify the returned JWT in the client. Under normal circumstances, I would just go ahead and verify, as this is most definitely the more secure route, but I am struggling to find any supporting libraries that can build the RS256 public key from the JWKS JSON. I have, however, read multiple times that it is likely not recommended to try to build this functionality myself. Does anyone have any advice? Has anyone done this before? Any and all input is appreciated!