How to configure RS256 algorithm for jwt

Trying to figure out how to configure Jitsi to allow RS256 in jwt. Where is private and public key defined?

mentions RS256 but there is no reference to how it is configured

That’s the JWT docs for JaaS. If you’re using JaaS, you can use the console to generate the key pair then download the private key to use for signing tokens. Or you can generate your own and upload the public key to JaaS.

If you’re self hosting, you want to look at this doc instead:

In this case you would host the public key somewhere accessible by your server then specify the location using asap_key_server var in your prosody config.

@shawn thanks appreciate it! This is self hosted scenario

Trying to get my head around how it works

“kid”: “jitsi/custom_key_name”,
“typ”: “JWT”,
“alg”: “RS256”

Then point either have a shared secret or point to a public key via asap_key_server = “”;

But where is the private key, do you put it in the signature of the jwt when it is generated?

You use it to sign your jwt. The server uses a public key by downloading it from some server to verify the signature.

1 Like