Skip to content

KeyStore

Defined in: packages/core/src/keys.ts:9

The tool’s own keypair. The private half signs deep-link responses and AGS client assertions; the public half is served at the JWKS endpoint the LMS verifies against. Implement this however you like (env PEM, KMS, etc.).

kid(): Promise<string>

Defined in: packages/core/src/keys.ts:13

Key id — goes in the JWT header kid; must match a key in publicJwks().

Promise<string>


privateKey(): Promise<KeyLike | Uint8Array<ArrayBufferLike>>

Defined in: packages/core/src/keys.ts:11

Private key used to sign outbound JWTs.

Promise<KeyLike | Uint8Array<ArrayBufferLike>>


publicJwks(): Promise<JSONWebKeySet>

Defined in: packages/core/src/keys.ts:15

Public keyset served at your /jwks route (supports >1 key for rotation).

Promise<JSONWebKeySet>