DEV Community

Discussion on: JWT Authentication with Asymmetric Encryption using certificates in ASP.NET Core

Manju Naika

Hey, hi, I am new to JWT. I have a little confusion.
In the above article, it says the public key will be used to encrypt and the private key will be used to decrypt.

But the token generation method is using a private key to generate, and the public key is being used to validate the generated token.

As the public key is a shared key (which we can share across all our vendors/clients), what will they do with that key? They can't create a token (if they wish to), as it is used for verification.

Flow chart (my understanding):
Client ---- requesting access ----> in return, the Web API project will send a token ----> client uses the token to access the API ----> Web API project will validate the token and share the data.

So in the above process, why should the client know the public key?

Can you please explain with an example in general, using as the example one Web API being accessed by multiple vendors/clients?
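
The sign-with-private-key, validate-with-public-key flow described in the comment above, as an added example that is not part of the original comment or the article's code. The class name, the `vendor-a`/`vendor-b` subjects and the hand-built RS256 token are constructed for illustration; it assumes .NET Core 3.0 or later and C# 8.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Rs256FlowDemo // hypothetical name, constructed for illustration
{
    // JWT segments use base64url without padding.
    static string B64Url(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Web API side: issuing a token requires the PRIVATE key.
    static string Issue(RSA privateKey, string payloadJson)
    {
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string body = B64Url(Encoding.UTF8.GetBytes(payloadJson));
        byte[] sig = privateKey.SignData(Encoding.ASCII.GetBytes(head + "." + body),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return head + "." + body + "." + B64Url(sig);
    }

    // Validating side: the PUBLIC key is enough. The algorithm is pinned to RS256
    // rather than read from the token header; exp/aud/iss checks are omitted here.
    static bool Validate(RSA publicKey, string token)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            return publicKey.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]),
                FromB64Url(p[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (FormatException) { return false; } // malformed base64url signature
    }

    static void Main()
    {
        using RSA apiKey = RSA.Create(2048);   // private + public, stays on the Web API
        using RSA shared = RSA.Create();       // public half only, safe to hand out
        shared.ImportRSAPublicKey(apiKey.ExportRSAPublicKey(), out _);
        string token = Issue(apiKey, "{\"sub\":\"vendor-a\"}");
        string[] p = token.Split('.');
        // Same signature, payload swapped to another vendor: must fail validation.
        string edited = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"vendor-b\"}")) + "." + p[2];
        Console.WriteLine($"issued token valid: {Validate(shared, token)}");
        Console.WriteLine($"edited token valid: {Validate(shared, edited)}");
        try { Issue(shared, "{\"sub\":\"vendor-b\"}"); }
        catch (CryptographicException) { Console.WriteLine("public key alone cannot sign"); }
    }
}
```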