feipengheart commented on issue #5281: URL: https://github.com/apache/apisix/issues/5281#issuecomment-946773067
> take a look at:
>
> https://github.com/apache/apisix/blob/50fed630823bb3c562f411d7cb5f5d38218348fb/t/plugin/jwt-auth.t#L702-L749
>
> what is `BEGIN RSA PUBLIC KEY`? I think it should be `BEGIN PUBLIC KEY`.

It is OK, but I found a new problem: if the token is given to others, they can also access the API. I thought that the private key is used by the client for token encryption, and then jwt-auth can decrypt it using the public key, or signature, but the fact is not so. After requesting the token, add the token directly to the header to access the API. The public and private keys do not seem to have any effect. Is there any way to solve this problem, such as giving the user a private key, so that only the user who has the private key can access the API with a valid token?

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
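Added example, not part of the original comment and not APISIX code: a minimal RS256-style JWT sign and verify in Python, illustrating the behaviour the comment describes. The private key is used only by the issuer to sign, the verifier needs only the public key and the token, so any holder of an unmodified token passes, while a token with altered claims does not. The toy key, the function names and the claim values are constructed assumptions for illustration.

```python
import base64, hashlib, json

# Constructed toy RSA key built from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the issuer only
K = (N.bit_length() + 7) // 8          # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _encode(msg: bytes) -> int:
    # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), as used by RS256
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def issue_token(claims: dict) -> str:
    # Issuer side: signing requires the private exponent D.
    header = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(_encode(f"{header}.{body}".encode()), D, N)
    return f"{header}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def verify_token(token: str):
    # Verifier side: uses only the public key (E, N) and the token; nothing identifies the presenter.
    try:
        header, body, sig = token.split(".")
        s = int.from_bytes(b64u_dec(sig), "big")
        if pow(s, E, N) != _encode(f"{header}.{body}".encode()):
            return None
        return json.loads(b64u_dec(body))
    except (ValueError, TypeError):
        return None

def tamper_claims(token: str, new_claims: dict) -> str:
    # Swap the payload but keep the original signature (no private key available).
    header, _, sig = token.split(".")
    return ".".join([header, b64u(json.dumps(new_claims).encode()), sig])

if __name__ == "__main__":
    token = issue_token({"key": "user-key"})                        # constructed claim
    print(verify_token(token))                                      # same result for any holder
    print(verify_token(tamper_claims(token, {"key": "other-key"})))  # rejected
```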