The tenant is using the "Default signing key (HS256)" for the access token.

@saleenajohn49 said in Clicked the regenerate key button on the reactor page:

A nuclear reactor produces and controls the release of energy from splitting the atoms of certain elements. In a nuclear power reactor, the energy released is used as heat to make steam to generate electricity. (In a research reactor the main purpose is to utilise the actual neutrons produced in the core. In most naval reactors, steam drives a turbine directly for propulsion.

Ha ha.. yep, that is pretty much how the FusionAuth Reactor works too. 😆

If you need to keep everything in sync between your dev, staging and production systems, I believe the best way to accomplish that is to create the key-pair outside of FusionAuth and use the “Import RSA key pair” functionality.

If you are using the UI, you can find that under "Settings -> Key master". The button in the upper right hand corner lets you select between the different options:

Screen Shot 2020-09-24 at 1.48.38 PM.png

You can of course also use the API to import the keys: https://fusionauth.io/docs/v1/tech/apis/keys

We only publish keys that we can use for signing, so a public key all by itself will not be published via JWKS. If you import the entire key pair, it will be published on the JWKS endpoint.

You can also generate a keypair too.

Symmetric keys are not returned on the JWKS endpoint, as they don't have a public key. Per the docs this api:

returns public keys generated by FusionAuth, used to cryptographically verify JWTs using the JSON Web Key format

If you create an RSA or EC key which is an asymmetric key pair - the public key will be returned on the JWKS endpoint. If you don’t have any key pairs configured , it will be empty. Out of the box, you’ll only have one HMAC key which we don’t publish in JWKS.

The team wrote a tutorial outlining how to rotate keys, including signing keys: https://fusionauth.io/docs/v1/tech/tutorials/key-rotation/