JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that.

Aug 15, 2018 Private Key JWT Client Authentication is an authentication method that can be used by clients to authenticate to the authorization server when using the token endpoint. In this authentication mechanism, only the clients that have registered a public key, signed a JWT.

The point of the signature is for the receiver to verify the integrity of the received JWT, that it has not been tampered with. This is done, presumably, by the receiver of the JWT reproducing the steps made by the JWT producer to create the signature, by hashing the header and the payload with the specified hashing algorithm and a given secret.

Create a Private Key and Self-Signed Digital Certificate

The JWT-based authorization flow requires a digital certificate and the private key used to sign the certificate. You upload the digital certificate to the custom connected app that is also required for JWT-based authorization.