Tags: oauth-2.0, jwt, netlify

Is it possible to verify Netlify Identity users on another API server?


Netlify Identity is an easy way to let users sign up to your site, but is it possible to validate the signature of the JWT token on another site, like an API Server that is a backend for the site? In other words, is it possible to get a public key or to set the secret to validate the token signature?


Solution

  • Netlify Identity uses HS256 so there's a single shared secret as opposed to RS256 which has a public/private key. The signing secret isn't available via our API yet (though we should add it!). But you can contact support to get it. You can use it in your own API to verify our JWTs in your own backend.

    Edit: While this was the case, we currently don't recommend sharing the signing secret for security reasons. The better option is to use signed proxy redirects to make secure requests to your own backend server. Using this feature we will sign requests to your backend using a short-lived token that is only valid for 5 minutes. It's more secure and doesn't share your Identity signing secret. You can read more about signed proxy redirects at https://www.netlify.com/docs/redirects/#signed-proxy-redirects
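For the shared-secret option the answer describes, this is what a backend-side HS256 check looks like with the standard library only. It is an added example, not code from the answer or from Netlify; the secret and claims are constructed, and the verifier pins the algorithm to HS256 instead of trusting the token's own header.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for the demo; a real secret comes from the identity provider.
SECRET = b"constructed-demo-secret-not-a-real-one"
ISSUED_AT = 1700000000
SAMPLE_CLAIMS = {"sub": "user-123", "email": "user@example.com", "exp": ISSUED_AT + 3600}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 JWT. Used here only to build a sample token; the provider is the real issuer."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is a well-formed, correctly signed, unexpired HS256 JWT, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: the verifier decides how to check, never the token's "alg" field.
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a wrong signature leaks nothing via timing.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    # A token with no expiry, or one past its expiry, is rejected.
    if "exp" not in claims or claims["exp"] <= now:
        return None
    return claims
```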