Get all JWKs

GET /.well-known/jwks.json

Returns the JSON Web Key Set document containing the public keys of all AuthorizationServer instances registered with this service. Each key entry in the set includes the key type, algorithm, intended use, key identifier, and the encoded key material along with any available certificate chain in the x5c field. Keys are derived from the signing or TLS certificates configured on the referenced AuthorizationServer AuthStates at service initialization. Clients use the kid value from a JWT's JOSE header to identify and retrieve the matching verification key from this set. The response is recomputed when the underlying key configuration changes and cached between recomputations.

Responses

Successful operation

application/json

Schema
Example (from schema)

Schema

object

{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "on4W7ufs0aRwjka8rt4mSSKrDQnLBi-6c9HIWWHrzJQ",
      "nbf": 1263988848,
      "e": "AQAB",
      "use": "enc",
      "kid": "tI-F7jsQOnAYttiOFaKD5SRmiggqPxysgF3YebKcuBM",
      "x5c": [
        "MIIEuDCCA6CgAwIBAgIJAKa0WA+RpWjdMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAmNoMR4wHAYDVQQKExVBZG5vdnVtIEluZm9ybWF0aWsgQUcxFDASBgNVBAsTC0RldmVsb3BtZW50MQ4wDAYDVQQLEwVOZXZpczEbMBkGA1UEAxQSYXV0aFNpZ25lckBlc2F1dGg0MB4XDTEwMDEyMDEyMDA0OFoXDTM3MDYwNjEyMDA0OFowcDELMAkGA1UEBhMCY2gxHjAcBgNVBAoTFUFkbm92dW0gSW5mb3JtYXRpayBBRzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDjAMBgNVBAsTBU5ldmlzMRswGQYDVQQDFBJhdXRoU2lnbmVyQGVzYXV0aDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+bNZBy1NqZJ1QQf3Nb+T4vwLb5zZ/thdc0K7obriIKDo3uJO26DKm4IgI4a5Vy2sHnQRvcw6FVTTWai6PQBR/KniINq2rOwPL//CKu88K1r7rVNHJaQ29a2fhfqGXdvDvoRdOSOaevV07BNVhybpJJhba2hIJf/35x/zfQkTJfdbw2k1FutVunaDAELKvX4uLyX58GKjXNPi+a6Dec6KsBNAcjU2FQclGEttB46R/OXXHni1sJqaS0vt+lva+a4/ExfB3+4ulHBAtHfGVIPLMojLE1J0GADddRqIGdlCLR56XJV0OI7Kv4QsyMlWigGLYaSPJRncaGygWRDlFNDtjAgMBAAGjggFTMIIBTzAJBgNVHRMEAjAAMD8GCWCGSAGG+EIBDQQyFjBOZXZpcyBLZXlCb3ggR2VuZXJhdGVkIENlcnRpZmljYXRlIHVzaW5nIE9wZW5TU0wwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU1IKh05R9E7Egx6gCZa/R53A080MwgaIGA1UdIwSBmjCBl4AU1IKh05R9E7Egx6gCZa/R53A080OhdKRyMHAxCzAJBgNVBAYTAmNoMR4wHAYDVQQKExVBZG5vdnVtIEluZm9ybWF0aWsgQUcxFDASBgNVBAsTC0RldmVsb3BtZW50MQ4wDAYDVQQLEwVOZXZpczEbMBkGA1UEAxQSYXV0aFNpZ25lckBlc2F1dGg0ggkAprRYD5GlaN0wEQYJYIZIAYb4QgEBBAQDAgbAMA0GCSqGSIb3DQEBBQUAA4IBAQB1LU7SmZgAHVADwJNmnvUWtoCPn9eFznVFbrekSqOdoTGNuo3Lsa8pOvhMOhC/vfcfgYsTqXtylB4sycnTwgCeWoU5xlLZftZ9pE8NN9qX7htURJRDBLyncpBGSyiUOmaIHPurBuuhUmxJzp+4C2XLmURGdqdHOqaDDf6AK1ofltTuoqZxZNYNGH5YLalkriHNqG8l/rfyvgLSL5cA6n+WBVwrylmVR7VSSEGDISWeSSqXZmkk/Y0dcQU4mXGSrqGnKLvoRHHkp92tIrwACvUVipgxjYtRwErMAXKz80PppdwODC3bRzLxqeV/f3mUZrb/pFo4xu8FMTvS08wmVUCk"
      ],
      "exp": 2127902448,
      "alg": "RSA-OAEP-256",
      "n": "vmzWQctTamSdUEH9zW_k-L8C2-c2f7YXXNCu6G64iCg6N7iTtugypuCICOGuVctrB50Eb3MOhVU01mouj0AUfyp4iDatqzsDy__wirvPCta-61TRyWkNvWtn4X6hl3bw76EXTkjmnr1dOwTVYcm6SSYW2toSCX_9-cf830JEyX3W8NpNRbrVbp2gwBCyr1-Li8l-fBio1zT4vmug3nOirATQHI1NhUHJRhLbQeOkfzl1x54tbCamktL7fpb2vmuPxMXwd_uLpRwQLR3xlSDyzKIyxNSdBgA3XUaiBnZQi0eelyVdDiOyr-ELMjJVooBi2GkjyUZ3GhsoFkQ5RTQ7Yw"
    }
  ]
}

Get all JWKs

/.well-known/jwks.json

Responses​

Responses