|
|
|
|
|
|
by bruth
977 days ago
|
|
|
Yes that reads correct. The `sub` would a NATS user public nkey, the `iss` would be the NATS account public nkey (either the issuer nkey in config-mode or existing nkey in decentralized auth). As long as it can verify the chain of trust for the user JWT that is returned, it should work. The three schema types are shown here: https://docs.nats.io/running-a-nats-service/configuration/se... auth request comes in -> generate user jwt, sign + encode -> respond with auth response. As long as the necessary bits of the response and user JWT conform, it will work. |
|
|