I'm setting up a SuperTokens JS back-end with a separate ASP.NET back-end that requires validating the JWT tokens. This page (https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/jwt-verification) says to use the JWKS endpoint. The tokens that are published there aren't supposed to be secret to the outside world, are they? (Because in Method 2 the word "secret" is used multiple times.)
rp_st
08/04/2024, 11:43 AM
Hey. The tokens are public keys and are ok to be exposed.