[Auth0 Custom Authorizers] Best practice for storing/accessing public key in production?

[tonyjmartinez]

I'm following this example.

What would be the recommended way to store and access the public key in production? Check it in to version control? I know that I can sls deploy, but what if I want to use CI (in this case https://seed.run)?

[spawn-guy]

that is an interesting example there.

the "default" auth0 SDKs download it "dynamically" from https://{AUTH0_DOMAIN}/.well-known/jwks.json.

see Locate JSON Web Key Sets and maybe click through Validate JSON Web Tokens