The JSON Web Key Set (JWKS) endpoint is a read-only endpoint that returns the Identity Server's public key set in the JWKS format. This contains the signing key(s) that the Relying Party (RP) uses to validate signatures from the Identity Server. For more information on this endpoint, see the OpenID Connect Discovery specification.
...
Tip |
---|
|
Make sure to start Start WSO2 IS before you try out the endpoints. |
...
Endpoint URL | Copy the following URL to your browser: https://<IS_HOST>:<IS_HTTPS_PORT>/oauth2/jwks
Info |
---|
- By default,
<IS_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified. - By default,
<IS_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n , the default port value needs to be incremented by n .
|
Example: https://localhost:9443/oauth2/jwks |
---|
Response | Code Block |
---|
{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ",
"alg": "RS256",
"n": "luZFdW1ynitztkWLC6xKegbRWxky-5P0p4ShYEOkHs30QI2VCuR6Qo4Bz5rTgLBrky03W1GAVrZxuvKRGj9V9-PmjdGtau4CTXu9pLLcqnruaczoSdvBYA3lS9a7zgFU0-s6kMl2EhB-rk7gXluEep7lIOenzfl2f6IoTKa2fVgVd3YKiSGsyL4tztS70vmmX121qm0sTJdKWP4HxXyqK9neolXI9fYyHOYILVNZ69z_73OOVhkh_mvTmWZLM7GM6sApmyLX6OXUp8z0pkY-vT_9-zRxxQs7GurC4_C1nK3rI_0ySUgGEafO1atNjYmlFN-M3tZX6nEcA6g94IavyQ"
}
]
} |
Property value | description |
---|
kty | The public key type. | e | The exponent value of the public key. | use | Implies how the key is being used. The value sig represents signature. | kid | The thumbprint of the certificate. This value is used to identifying identify the key that needs to be used to verify the signature. | alg | The algorithm used to encrypt secure the certificateJSON Web Signature. | n | The modulus value of the public key. |
|
---|
The endpoint URL for tenants
Endpoint URL | Copy the following URL to your browser: https://<IS_HOST>:<IS_PORT>/t/<TENANT_DOMAIN>/oauth2/jwks
Info |
---|
- By default,
<IS_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified. - By default,
<IS_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n , the default port value needs to be incremented by n . - Enter your tenant domain for
<TENANT_DOMAIN> .
|
Example: https://localhost:9443/t/foo.com/oauth2/jwks |
---|
Response | Code Block |
---|
{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "MTk5NjA3YjRkNGRmZmI4NTYyMzEzZWFhZGM1YzAyZWMyZTg0ZGQ4Yw",
"alg": "RS256",
"n": "0OA-yiyn_pCKnldZBq2KPnGplLuTEtGU7IZP66Wf7ElhFJ-kQ87BMKvZqVNDV84MSY3XQg0t0yL6gITg-W8op61PWO2UrEcxhhMHN_rra22Ae2OCaUfOr43cW1YFc54cYj5p7v-HSVvjTuNLGMMrNfTGAOCPzuLxbSHfq62uydU"
}
]
} |
Property value | description |
---|
kty | The public key type. | e | The exponent value of the public key. | use | Implies how the key is being used. The value sig represents signature. | kid | The thumbprint of the certificate. This value is used to identifying identify the key that needs to be used to verify the signature. | alg | The algorithm used to encrypt secure the certificateJSON Web Signature. | n | The modulus value of the public key. |
|
---|