DEV Community

Discussion on: Cryptographically protecting your SPA

 
sgtwilko profile image
sgtwilko

Both JWS and JWE can work either with PSK or public private keys.

It depends on the crypto chosen.

Using RSA or Eliptic curve would work with public private keys, just as your solution did. With these the front end would only need the public key to (decode JWEs &) verify the JWT.

Nothing about JWTs is limited to backend, it's just as applicable to frontend.