The JSON Web Key Set (JWKS) endpoint is a read-only endpoint that returns the Identity Server's public key set in the JWKS format. This contains the signing key(s) that the Relying Party (RP) uses to validate signatures from the Identity Server. For more information on this endpoint, see the OpenID Connect Discovery specification.

Let's take a look at the endpoints used in WSO2 Identity Server (WSO2 IS):

Tip
Before you begin!

Make sure to start WSO2 IS before you try out the endpoints.

The endpoint URL for the super tenant

Endpoint URL

Copy the following URL to your browser: https://<IS_HOST>:<IS_HTTPS_PORT>/oauth2/jwks

Info
  • By default, <IS_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <IS_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example: https://localhost:9443/oauth2/jwks

Response
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ",
      "alg": "RS256",
      "n": "luZFdW1ynitztkWLC6xKegbRWxky-5P0p4ShYEOkHs30QI2VCuR6Qo4Bz5rTgLBrky03W1GAVrZxuvKRGj9V9-PmjdGtau4CTXu9pLLcqnruaczoSdvBYA3lS9a7zgFU0-s6kMl2EhB-rk7gXluEep7lIOenzfl2f6IoTKa2fVgVd3YKiSGsyL4tztS70vmmX121qm0sTJdKWP4HxXyqK9neolXI9fYyHOYILVNZ69z_73OOVhkh_mvTmWZLM7GM6sApmyLX6OXUp8z0pkY-vT_9-zRxxQs7GurC4_C1nK3rI_0ySUgGEafO1atNjYmlFN-M3tZX6nEcA6g94IavyQ"
    }
  ]
}
| Property value | Description |
|---|---|
| kty | The public key type. |
| e | The exponent value of the public key. |
| use | Indicates how the key is used. The value sig represents signature. |
| kid | The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature. |
| alg | The algorithm used to secure the JSON Web Signature. |
| n | The modulus value of the public key. |

Info

For more information, see the JWS specification.

The endpoint URL for tenants

Endpoint URL

Copy the following URL to your browser: https://<IS_HOST>:<IS_HTTPS_PORT>/t/<TENANT_DOMAIN>/oauth2/jwks

Info
  • By default, <IS_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <IS_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
  • Enter your tenant domain for <TENANT_DOMAIN>.

Example: https://localhost:9443/t/foo.com/oauth2/jwks

Response
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "MTk5NjA3YjRkNGRmZmI4NTYyMzEzZWFhZGM1YzAyZWMyZTg0ZGQ4Yw",
      "alg": "RS256",
      "n": "0OA-yiyn_pCKnldZBq2KPnGplLuTEtGU7IZP66Wf7ElhFJ-kQ87BMKvZqVNDV84MSY3XQg0t0yL6gITg-W8op61PWO2UrEcxhhMHN_rra22Ae2OCaUfOr43cW1YFc54cYj5p7v-HSVvjTuNLGMMrNfTGAOCPzuLxbSHfq62uydU"
    }
  ]
}
| Property value | Description |
|---|---|
| kty | The public key type. |
| e | The exponent value of the public key. |
| use | Indicates how the key is used. The value sig represents signature. |
| kid | The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature. |
| alg | The algorithm used to secure the JSON Web Signature. |
| n | The modulus value of the public key. |

Info

For more information, see the JWS specification.
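
How a Relying Party might use either response above to check a token signature, as an added example that is not taken from the WSO2 documentation or product code: it selects the key by kid, pins the algorithm to RS256, and verifies the RSA signature from the n and e values using only the Python standard library. The function names, the kid demo-kid and the toy key built in demo() are constructed for illustration; the check covers the signature only, not claims such as issuer or expiry.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(text):
    """Decode unpadded base64url, the encoding used by JWS and JWK fields."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input.encode("ascii")).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def select_key(jwks, kid):
    """Return the single RSA signing key in the set whose kid matches."""
    hits = [key for key in jwks.get("keys", [])
            if key.get("kid") == kid and key.get("kty") == "RSA"
            and key.get("use", "sig") == "sig" and key.get("alg", "RS256") == "RS256"]
    if len(hits) != 1:
        raise ValueError("no unique RS256 signing key for kid %r" % (kid,))
    return hits[0]

def verify_rs256(token, jwks):
    """Check the JWS signature against the JWKS and return the payload claims."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64u(head_b64))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg in token header")  # rejects "none", HS256
    key = select_key(jwks, header.get("kid"))
    n, e = (int.from_bytes(b64u(key[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, b64u(sig_b64)
    s = int.from_bytes(sig, "big")
    ok = len(sig) == k and s < n and hmac.compare_digest(
        pow(s, e, n).to_bytes(k, "big"), emsa(head_b64 + "." + body_b64, k))
    if not ok:
        raise ValueError("signature verification failed")
    return json.loads(b64u(body_b64))

def demo():
    """Constructed data: toy key built from two Mersenne primes, not a WSO2 IS key."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    jwks = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "demo-kid",
                      "e": "AQAB", "n": enc(n.to_bytes(k, "big"))}]}
    signed = enc(b'{"alg":"RS256","kid":"demo-kid"}') + "." + enc(b'{"sub":"alice"}')
    sig = pow(int.from_bytes(emsa(signed, k), "big"), d, n).to_bytes(k, "big")
    return jwks, signed + "." + enc(sig)
```

A production Relying Party would normally delegate this to a maintained JOSE library and fetch the key set over TLS from the JWKS URL; the manual arithmetic here only makes the role of each JWK property visible.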