This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Enable using static and dynamic keys for jwt signing

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Context and Problem Statement#

In some cases people may want to issue JWTs that are valid longer than the normal access token signing key rotation.

We enable using both static and dynamic keys to sign JWTs:

Since this decision we want to only expose a single set of keys for jwts and access tokens
We can add both static and dynamic (or refreshing/expiring) keys to this keyset
We could use either keyset for both access tokens and JWTs, replacing the access_token_signing_key_dynamic core config option
By default, access tokens will be signed using dynamic keys. This can be changed through a setting in the BE SDK. (this replaces the core config option). The useDynamicAccessTokenSigningKey: boolean property will be added to the Session recipe configuration.
By default, jwts will be signed using the static key. This can be controlled through a parameter passed to the createJWT function called useStaticSigningKey.
We should rename access_token_signing_key_update_interval to access_token_dynamic_signing_key_update_interval in the core config.