JWKS and RS256: Dropping the Shared JWT Secret

Mon, 22 Jun 2026 00:00:00 +0000

Why verify-only apps shouldn’t hold the signing key #

v07 added OpenID Connect on top of v06’s split architecture. The id_token is a signed JWT. Mode B access tokens are JWTs too. Both used HS256 with a shared JWT_SECRET copied into three .env files.

That worked in a toy lab. It is not how production IdPs ship.

Concern	v07 (HS256 + `JWT_SECRET`)	v08 (RS256 + JWKS)
Who can sign tokens?	Any process with `JWT_SECRET`	Only the auth server (private key)
Who can verify tokens?	Any process with `JWT_SECRET`	Anyone with the public key from `jwks_uri`
Key rotation	Re-sync `JWT_SECRET` everywhere	Publish new key in JWKS; verifiers pick by `kid`
Discovery	`id_token_signing_alg_values_supported: ["HS256"]`	`["RS256"]` + `jwks_uri`
Real IdPs (Google, Okta, Auth0)	Not available (no shared secret)	RS256; public keys at `jwks_uri` in discovery

What HS256 actually means #

HS256 is symmetric: one secret signs and verifies. In v07, the client verified id_token with JWT_SECRET and the resource server verified Mode B access tokens with the same secret while the auth server signed with it.

Jwks on Sauvik Biswas

JWKS and RS256: Dropping the Shared JWT Secret

Why verify-only apps shouldn’t hold the signing key #

What HS256 actually means #