Discovery
The JWKS endpoint returns a JSON document containing public keys used for verifying signatures in tokens, and encrypting tokens.
| Name | Description |
|---|---|
| JSON Web Key | Core specification for JSON Web Key |
The jwks endpoint is invoked through HTTP using the GET method.
The following exmaple is a GET request to the jwks endpoint.
GET /.well-known/jwks HTTP/1.1
Host: idp.authserver.dk
Content-Type: application/json
{
"keys": [
{
"kty": "EC",
"use": "enc",
"crv": "P-256",
"alg": "ECDH-ES+A128KW",
"key_ops": ["encryption"],
"x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
"y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
"kid": "d890e7ed-662b-48c5-8914-c5c58571f8b6"
}
]
}
The following table describes the fields in the JSON document.
| Name | Description |
|---|---|
| keys | Array of Json Web Keys |
| kty | The cryptographic algorithm family, the key can use |
| use | The usage of the key |
| alg | The cryptographic algorithm the key can be used with |
| key_ops | The operations the key can be used with |
| kid | The unique identifier of the key |
| crv | The elliptic curve used by the key |
| x | The base64 x coordinate on the curve |
| y | The base64 y coordinate on the curve |
| n | The modulus value used with kty: RSA |
| e | The exponnent value used with kty: RSA |
| x5t | The SHA1 thumpbrint of the certificate |
| x5c | Array of one base64 certificate |
| x5t#S256 | The SHA256 thumbprint of the certificate |