Until now, we have not discussed a very important aspect of JWT, the key management.

Let us look at some questions that can be raised regarding keys.

1. Will the secret key always remain the same, or will it be changed after regular intervals?

2. If the secret key is changed, then what would happen to the tokens signed by older keys?

3. If we are using asymmetric signing and the private key is changed, how will we share the new public keys with all the applications?

We will answer each of these questions one by one.

Get hands-on with 1400+ tech skills courses.