The Keyless mobile SDK has built-in JWT signing functionality, which you can use in dynamic linking during enrollment or authentication.
If you don't have a secure connection between your mobile application and your application backend, you can use JWT signing and the Keyless server API to communicate securely over HTTP.
One possible use for this is to to transmit the JWT public signing key, which is only available at enrollment, to your application backend:
In the mobile application, generate the HTTP request containing the public key to send to your application backend
In the Keyless mobile SDK, generate Keyless authentication headers for the HTTP request
In the mobile application, send the HTTP request to your application backend, with the Keyless headers
In the application backend, receive the request, extract the Keyless headers and contact the Keyless server API to validate them
If the Keyless headers are valid, the Keyless server API returns user ID, path and sha256 hash of the body
In the application backend, validate the path and hash with what it receives and can safely associate content of the body, which is the public key, with the user ID
In the mobile application, after enrollment:
A backend application handler for the /jwt-signing-key
endpoint.