JSON Web Key Set (JWKS)
The JWKS endpoint provides information about Cryptographic Keys, as JSON Web Keys (RFC-7517), that are present in a Token Profile.
JSON Web Keys are used to verify JWT assertions, and wherever JSON Web Signature (JWS, RFC-7515) and JSON Web Encryption (JWE, RFC-7516) are used.
JWKS URI
The Curity Identity Server exposes a JWKS endpoint under each Token Profile’s Anonymous Endpoint at the URI
<oauth-anonymous-endpoint>/jwks.
The OAuth/OIDC Metadata will refer to this URI by default. If there is more than one Anonymous Endpoint in a Token Profile, the first endpoint to appear in configuration will be used.
It is possible to override that by configuring a JWKS URI Override in the Token Profile configuration for Metadata.
The JWKS URI may be included in JWTs issued by the Token Profile, if configured, as the jku claim.
Cryptographic Keys included in the JWKS
The JWKS provided by the JWKS endpoint includes the public key of every Cryptographic Key whose purpose is either Signing or Decryption.
Key IDs (kid) are the External ID of the key if one is defined, and the keystore ID otherwise.