Public Key vs Encryption Key #915

Open
linuxd3v opened this issue Jun 19, 2018 · 2 comments

Comments

linuxd3v commented Jun 19, 2018

So I'm extremely confused about what I should use when instantiating the AuthorizationServer object.

So the documentation directs people to generate public and private keys and then literally says:

The authorization server also requires the public key.

But then this commit removes the public key from the AuthorizationServer code:
76c2b6f88cccaa07f9eceaab42e0306dd839cacb

So which is it?
Why was the public key replaced with the encryption key?
If the public key is not being used for AuthorizationServer, then where is it being used?

@Sephster (Member)

It does look like the documentation needs updating. The code works as follows:

  • The Auth server uses the private key to sign payloads
  • The Resource server uses the public key to verify the signed payloads

These are typically JWTs.

The encryption key is either a string or a Key instance from the Defuse/Crypto library. It is used to encrypt the authorisation code or refresh code.

I'm unclear as to the motivations for the original change but a discussion about it can be found in this issue.

I hope that answers your question. I will modify this issue so that we can keep track and update the documentation to make it clearer. Thanks for reporting this.
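
The three key roles described in the answer above, as an added example that is not part of this thread and not the project's own code. It assumes PHP with the openssl extension; the function names are hypothetical, and AES-256-GCM stands in for the Defuse/Crypto library so the block has no dependencies.

```php
<?php
// Added illustration, not the project's code. Claims, key sizes and the
// AES-256-GCM stand-in for Defuse/Crypto are assumptions made for this example.
function b64url(string $bin): string { return rtrim(strtr(base64_encode($bin), '+/', '-_'), '='); }
function b64url_decode(string $txt): string { return (string) base64_decode(strtr($txt, '-_', '+/')); }

// Authorization server: holds the PRIVATE key and signs the access token (RS256 JWT).
function issueToken(string $privatePem, array $claims): string {
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'RS256']));
    $body = b64url(json_encode($claims));
    if (!openssl_sign("$head.$body", $sig, $privatePem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return "$head.$body." . b64url($sig);
}
// Resource server: holds only the PUBLIC key; it can verify tokens but never mint them.
function verifyToken(string $publicPem, string $jwt): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $alg = json_decode(b64url_decode($head), true)['alg'] ?? null;
    if ($alg !== 'RS256') return null; // pin the algorithm, never trust the header
    $ok = openssl_verify("$head.$body", b64url_decode($sig), $publicPem, OPENSSL_ALGO_SHA256);
    $claims = $ok === 1 ? json_decode(b64url_decode($body), true) : null;
    return is_array($claims) && ($claims['exp'] ?? 0) > time() ? $claims : null;
}
// Encryption key: a symmetric secret that never leaves the authorization server;
// it seals authorization codes and refresh tokens that are later sent back to it.
function sealCode(string $encKey, array $payload): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt(json_encode($payload), 'aes-256-gcm', $encKey, OPENSSL_RAW_DATA, $iv, $tag);
    return b64url($iv . $tag . $ct);
}
function openCode(string $encKey, string $code): ?array {
    $raw = b64url_decode($code);
    if (strlen($raw) < 29) return null; // 12-byte IV + 16-byte tag + ciphertext
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $encKey, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : json_decode($pt, true);
}
// Constructed demo values: a throwaway key pair and a random 32-byte encryption key.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$encKey = random_bytes(32);
$jwt = issueToken($privatePem, ['sub' => 'user-1', 'scope' => 'read', 'exp' => time() + 3600]);
[$h, , $s] = explode('.', $jwt);
$forged = $h . '.' . b64url(json_encode(['sub' => 'admin', 'exp' => time() + 3600])) . '.' . $s;
var_dump(verifyToken($publicPem, $jwt) !== null, verifyToken($publicPem, $forged) === null);
$code = sealCode($encKey, ['client_id' => 'app', 'user_id' => 'user-1']);
var_dump(openCode($encKey, $code) !== null, openCode(random_bytes(32), $code) === null);
```

The forged token reuses the original signature over a changed body, and the second `openCode` call uses a different key; both checks show what each key is protecting.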

@Sephster (Member)

Reopening as I want to track the documentation issue so we can resolve and then close.
