Privy requires a verification key to ensure the JWTs received are valid. Both the token’s signature and its expiration time (claim) are verified to ensure secure access. This verification process helps protect user data and prevents unauthorized access to Privy services.You can provide the verification key in one of two ways:
JWKS Endpoint
If your provider uses JWKS to sign JWTs, provide a JWKS endpoint URL where Privy can retrieve your auth provider’s JWT public key.