I tried searching for an answer to this question and didn't find anything. So, I'm asking and answering.
I'm trying to implement a JWKS endpoint. I found some example code here. Note that the author's intent for that repo is testing only. He is clear that he doesn't know enough about crypto to know if it's actually secure.
In the example, the private key is used to generate the modulus and exponent:
const forge = require('node-forge')
const NodeRSA = require('node-rsa')
const helperKey = new NodeRSA()
helperKey.importKey(forge.pki.privateKeyToPem(privateKey))
const { n: modulus, e: exponent } = helperKey.exportKey('components')
Since those values are then made publicly available (via the JWKS endpoint), can the modulus and exponent be used to somehow obtain the private key? Should I be using the public key to generate the modulus and exponent instead?