KeyStore
Defined in: packages/core/src/keys.ts:9
The tool’s own keypair. The private half signs deep-link responses and AGS client assertions; the public half is served at the JWKS endpoint the LMS verifies against. Implement this however you like (env PEM, KMS, etc.).
Methods
Section titled “Methods”kid():
Promise<string>
Defined in: packages/core/src/keys.ts:13
Key id — goes in the JWT header kid; must match a key in publicJwks().
Returns
Section titled “Returns”Promise<string>
privateKey()
Section titled “privateKey()”privateKey():
Promise<KeyLike|Uint8Array<ArrayBufferLike>>
Defined in: packages/core/src/keys.ts:11
Private key used to sign outbound JWTs.
Returns
Section titled “Returns”Promise<KeyLike | Uint8Array<ArrayBufferLike>>
publicJwks()
Section titled “publicJwks()”publicJwks():
Promise<JSONWebKeySet>
Defined in: packages/core/src/keys.ts:15
Public keyset served at your /jwks route (supports >1 key for rotation).
Returns
Section titled “Returns”Promise<JSONWebKeySet>