Custom JWT provider - signing key rotation guidance

Hi all!

We’re getting ready to deploy a wallet-like app that uses a custom Web3Auth JWT provider that we will also run. I want to have a contingency plan for changing the JWT signing key, but I haven’t found any documentation on how that affects the verifier. Specifically, in case we need to roll the JWT signing key,

  1. Other than updating the value returned by the JWKS URL, do we need to make any changes to the verifier when rotating JWT signing keys?
  2. Will rotating the keys affect existing users’ wallet addresses?
  3. Will existing authentication sessions be terminated automatically?

Thanks in advance!


- SDK Version: 8.3.0
- Platform: web

Hi @freeatnet,

Thanks for bringing this question to the forum. I will be talking to our team to bring you the best answer to this question.

Thanks for your patience.


You only need to update the value returned in the JWKS URL. No need to make any changes to the verifier.
It won’t affect any existing authentication sessions.
It won’t affect existing users’ wallet addresses.

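As an added illustration, not part of the thread and not Web3Auth's code: one way the provider side can stage the JWKS update described in the answer above, serving the new public key beside the old one before the old one is removed. It assumes RS256 keys, RFC 7638 thumbprints used as `kid` values, and a consumer that picks the verification key by `kid`; every function name and sample key here is hypothetical.

```python
import base64, hashlib, json

PUBLIC_MEMBERS = ("e", "kty", "n")  # RSA public JWK members (RFC 7638 order)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def thumbprint_kid(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint, used here as a stable kid."""
    canonical = json.dumps({m: jwk[m] for m in PUBLIC_MEMBERS},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def publish(jwks: dict, jwk: dict) -> dict:
    """Add a key beside the existing ones; private members (d, p, q, ...) are dropped."""
    entry = {m: jwk[m] for m in PUBLIC_MEMBERS}
    entry.update(kid=thumbprint_kid(jwk), use="sig", alg="RS256")
    others = [k for k in jwks["keys"] if k["kid"] != entry["kid"]]
    return {"keys": others + [entry]}

def retire(jwks: dict, kid: str) -> dict:
    """Remove a key once every token it signed has expired."""
    remaining = [k for k in jwks["keys"] if k["kid"] != kid]
    if not remaining:
        raise ValueError("refusing to publish an empty JWKS")
    return {"keys": remaining}

def select_key(jwks: dict, token: str):
    """Consumer side (assumed behaviour): choose the key named by the JWT header's kid."""
    segment = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if header.get("alg") != "RS256":      # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    return next((k for k in jwks["keys"] if k["kid"] == header.get("kid")), None)

def header_only_token(kid: str) -> str:
    """Constructed token: real header, placeholder payload and signature."""
    return b64url(json.dumps({"alg": "RS256", "kid": kid}).encode()) + ".e30.c2ln"

# Constructed sample keys; the moduli are placeholders, not real RSA values.
OLD = {"kty": "RSA", "e": "AQAB", "n": "b2xkLW1vZHVsdXM", "d": "cHJpdmF0ZQ"}
NEW = {"kty": "RSA", "e": "AQAB", "n": "bmV3LW1vZHVsdXM"}

if __name__ == "__main__":
    overlap = publish(publish({"keys": []}, OLD), NEW)    # both keys served
    final = retire(overlap, thumbprint_kid(OLD))          # old key removed
    old_token = header_only_token(thumbprint_kid(OLD))
    print(select_key(overlap, old_token) is not None)     # old-key tokens still resolve
    print(select_key(final, old_token))                   # unknown kid: reject the token
```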

Thanks, @chai! Appreciate the response.
