Skip to content

Commit

Permalink
readme: clarify usage of the JWT private key (#16)
Browse files Browse the repository at this point in the history 
Saying that the client is using the private key isn't really
clear. Indeed the private key is not used by the browsers client, but
the server “client”.

I tried to clarify this by modifying the sentence.

Let me know if you have a better phrasing.
  • Loading branch information
@paulRbr
paulRbr authored Dec 11, 2024
1 parent 46dda0d commit 80c8100
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ Use the following script to create your first JWT signing keys:

This will generate a RSA key pair and add it to the `.env` file with the following variables:
- `JWT_SIGNING_PUBLIC_KEY`: Public key for token verification (used by the proxy)
- `JWT_SIGNING_PRIVATE_KEY`: Private key for token signing (used by clients making the requests)
- `JWT_SIGNING_PRIVATE_KEY`: Private key for token signing (used by the server exposing a web HTTP client allowing only specific requests)

If later on you need to rotate the keys you will need to remove them manually from the .env file before exectuting the script again.

Expand Down

0 comments on commit 80c8100

Please sign in to comment.