Learn how to revoke your tenant’s application signing key using the Auth0 Dashboard or Management API.
You can revoke your tenant’s application or API signing key using the Auth0 Dashboard or the Management API. The signing key is used to sign , , assertions, and assertions sent to your application or API. To learn more, read Signing Keys.
Before you can revoke a previously-used signing key, you must first have rotated the key. To learn more, read Rotate Signing Keys, or see the Rotate and revoke signing key section below.
Make sure you have updated your application or API with the new key before you revoke the previous key.
You cannot reuse a signing key after revocation, so be sure that you want to revoke it.
In the List of Valid Keys section, locate the Previously Used key, select the more options (…) menu, and select Revoke Key.
The List of Valid Keys section lists the current signing key being used by your tenant, plus the next signing key that will be assigned should you choose to rotate your signing keys. If you have previously rotated signing keys, this section also lists the previously-used keys.
The List of Revoked Keys section lists the last three revoked keys for your tenant.
Make a PUT call to the Revoke an Application Signing Key by its Key ID endpoint. Be sure to replace the {yourKeyId} and {yourMgmtApiAccessToken} placeholder values with your signing key’s ID and Management API access token, respectively.
| Value | Description |
| --- | --- |
| YOUR_KEY_ID | ID of the signing key to be revoked. To learn how to find your signing key ID, see Locate JSON Web Key Sets. |
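The following is an added example, not part of the Auth0 documentation: it checks a key's state before building the PUT request, so that only a previously-used, not-yet-revoked key is revoked. It assumes the Management API v2 path `/api/v2/keys/signing/{kid}/revoke` and the `current`, `next`, `previous` and `revoked` fields of the list-signing-keys response; the tenant domain, key IDs and function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import quote

# Constructed sample of a list-signing-keys response (kids are made up).
SAMPLE_KEYS = [
    {"kid": "kid-next-example", "current": False, "next": True, "previous": False, "revoked": False},
    {"kid": "kid-current-example", "current": True, "next": False, "previous": False, "revoked": False},
    {"kid": "kid-previous-example", "current": False, "next": False, "previous": True, "revoked": False},
]


def check_revocable(keys, kid):
    """Return (ok, reason): only a rotated-out, not-yet-revoked key passes."""
    key = next((k for k in keys if k.get("kid") == kid), None)
    if key is None:
        return False, "kid not found in tenant key list"
    if key.get("revoked"):
        return False, "key is already revoked"
    if key.get("current") or key.get("next"):
        return False, "key is current or next; rotate first"
    if not key.get("previous"):
        return False, "key is not marked as previously used"
    return True, "ok"


def build_revoke_request(domain, kid, token):
    """Build (not send) the PUT to the revoke-by-key-ID endpoint."""
    url = f"https://{domain}/api/v2/keys/signing/{quote(kid, safe='')}/revoke"
    return urllib.request.Request(
        url, method="PUT", headers={"Authorization": f"Bearer {token}"}
    )


def revoke(domain, kid, token, keys):
    """Revoke kid only if the pre-check passes; returns the API's JSON body."""
    ok, reason = check_revocable(keys, kid)
    if not ok:
        raise ValueError(f"refusing to revoke {kid}: {reason}")
    with urllib.request.urlopen(build_revoke_request(domain, kid, token)) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for k in SAMPLE_KEYS:
        print(k["kid"], check_revocable(SAMPLE_KEYS, k["kid"]))
```

Because revocation cannot be undone, the pre-check refuses any key ID that is current, next, already revoked, or absent from the tenant's key list.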