Asymmetric Keys: the Public Key
If you are using asymmetric encryption for your JWT, then the encryption (JWT signing) is done with the private key, and verification is done with the public key. In order for MobileTogether Server to be able to verify the JWT, you must do the following:
In the Settings tab of MobileTogether Server, enable JWT authentication (see screenshot below), and then enter settings for:
•Secret: Enter the public key of a private–public pair. (If you are using symmetric encryption, enter the shared secret.)
•Audience: Enter the same string as that you entered for this claim when creating the JWT.