Abusing JWT public keys without the public key

&gt; The main lesson is: one should not rely on the secrecy of public keys<p>... that might be why they are called &quot;public&quot; keys