
JWT: to sign the claims with public key or private key, which way to go?


I am looking into signing a JWT token with a secret key (PEM).

I did some investigation and it seems JWT is supposed to utilize a private key to sign the claims.

What if I sign the JWT claims with a public key instead?

There's a similar question here, "can json web token sign with public key", but without an accepted answer.

Could someone explain in depth why signing with a private key is preferred?

Thanks.

I've tried to google it, and found no explicit example of signing JWT claims with a public key.


Solution

  • I did more investigation and tried signing with the public key.

    Here's the conclusion:

    To sign with public key is:

    Refer to details below:

    GitHub issue 251

    Thanks everyone for clarifying this.
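An added example, not part of the original post or of any library it refers to: a minimal RS256 token issuer and verifier written against Go's standard library, showing that the private key produces the signature and that the public key alone is enough to check it. `NewKey`, `SignRS256`, `VerifyRS256`, the fixed header and the sample claims are hypothetical names and values constructed for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// Fixed header for this sketch; the verifier pins it so only RS256 is accepted.
var header = b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))

// NewKey generates a throwaway RSA key pair (hypothetical helper for the demo).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignRS256 issues a token. rsa.SignPKCS1v15 only accepts a *rsa.PrivateKey.
func SignRS256(claims []byte, priv *rsa.PrivateKey) (string, error) {
	input := header + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyRS256 needs only the public key; it returns the claims if the signature holds.
func VerifyRS256(token string, pub *rsa.PublicKey) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header {
		return nil, fmt.Errorf("malformed token or unexpected header")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature invalid")
	}
	return b64.DecodeString(parts[1])
}

func main() {
	priv, _ := NewKey()
	token, _ := SignRS256([]byte(`{"sub":"alice"}`), priv) // constructed claims
	claims, err := VerifyRS256(token, &priv.PublicKey)
	fmt.Println(string(claims), err)
}
```

The verifier is handed only `*rsa.PublicKey`, so a service that checks tokens never needs to hold the key that can issue them.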