RSA Public Key of WSO2carbon

I am generating a JWT token from WSO2 AM, which is then passed as a header to the API. I have my API created in Node.js and I am using the jsonwebtoken plugin to verify and decode the JWT.

I am unable to find the RSA public key of wso2carbon to verify/decode the token.

Please help me with how to generate the RSA public key, or where should I find this key?

Abiogenetic answered 31/8, 2015 at 7:5

All WSO2 products use the default public/private key pairs installed into wso2carbon.jks keystore file found in <WSO2_AM>/repository/resources/security directory. It's advised to use your own keystore instead of this default keystore shipped with all WSO2 products.

It is recommended to replace this default keystore with a new keystore that has self-signed or CA signed certificates when the products are deployed in production environments. This is because wso2carbon.jks is available with open source WSO2 products, which means anyone can have access to the private key of the default keystore.

If you are going to use the default private/public keys, use the following command to extract the key.

keytool -export -keystore <WSO2_AM>/repository/resources/security/wso2carbon.jks -alias wso2carbon -file Example.cer
Coact answered 31/8, 2015 at 8:37

I was able to find the public key used to sign the jwt token by invoking the GET https://<identity_server_url>/oauth2/jwks endpoint (be careful to choose the main domain or the tenant domain, i.e. https://<identity_server_url>/t/<tenant_name>/oauth2/jwks). Then I converted it to PEM format using a site like this: https://8gwifi.org/jwkconvertfunctions.jsp

Hope this helps.

Shank answered 19/10, 2023 at 16:6
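
Added example (not part of the original answers): the JWK-to-PEM step from the answer above done locally with Node's built-in crypto module, followed by an RS256 check with the algorithm pinned. The key pair, `sample-kid`, the token, and all function names are constructed stand-ins for the `/oauth2/jwks` response and a WSO2-issued JWT; RS256 signing is an assumption.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Select the RSA JWK matching the token's kid and export it as PEM (SPKI).
function jwkToPem(jwks, kid) {
  const jwk = jwks.keys.find((k) => k.kid === kid && k.kty === 'RSA');
  if (!jwk) throw new Error(`no RSA key with kid ${kid} in JWKS`);
  return crypto.createPublicKey({ key: jwk, format: 'jwk' })
    .export({ type: 'spki', format: 'pem' });
}

// Verify an RS256 JWT against a JWKS document; returns the payload or throws.
function verifyRs256(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error(`unexpected alg ${header.alg}`);
  const pem = jwkToPem(jwks, header.kid);
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), pem,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (payload.exp !== undefined && payload.exp * 1000 <= Date.now()) {
    throw new Error('token expired');
  }
  return payload;
}

// --- Constructed sample data standing in for the identity server ---
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleJwks = {
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-kid', use: 'sig' }],
};

// Signs a token with the constructed private key (the server's role).
function signSample(payload, header = { alg: 'RS256', typ: 'JWT', kid: 'sample-kid' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const sampleToken = signSample({
  sub: 'constructed-user', exp: Math.floor(Date.now() / 1000) + 300,
});
```

The PEM returned by `jwkToPem` can also be passed to jsonwebtoken's `verify` together with `algorithms: ['RS256']`.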
