Obtain Key Set Using JSON Web Key Set¶
The JSON Web Key Set (JWKS) endpoint is a read-only endpoint that returns the Identity Server's public key set in the JWKS format.
You can follow this guide when your relying party (RP) application needs to validate JWT Token signatures issued by WSO2 Identity Server.
Endpoint URL for super tenant¶
Copy and paste the following endpoint URL on your browser window.
URL Format
https://<IS_HOST>:<IS_HTTPS_PORT>/oauth2/jwks
Sample URL
https://localhost:9443/oauth2/jwks
-
By default,
<IS_HOST>
is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified. -
By default,
<IS_HTTPS_PORT>
has been set to 9443. However, if the port offset has been incremented by n , the default port value needs to be incremented by n as well.
You will see the following response.
Response
{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ",
"alg": "RS256",
"n": "luZFdW1ynitztkWLC6xKegbRWxky-5P0p4ShYEOkHs30QI2VCuR6Qo4Bz5rTgLBrky03W1GAVrZxuvKRGj9V9-PmjdGtau4CTXu9pLLcqnruaczoSdvBYA3lS9a7zgFU0-s6kMl2EhB-rk7gXluEep7lIOenzfl2f6IoTKa2fVgVd3YKiSGsyL4tztS70vmmX121qm0sTJdKWP4HxXyqK9neolXI9fYyHOYILVNZ69z_73OOVhkh_mvTmWZLM7GM6sApmyLX6OXUp8z0pkY-vT_9-zRxxQs7GurC4_C1nK3rI_0ySUgGEafO1atNjYmlFN-M3tZX6nEcA6g94IavyQ"
}
]
}
For information about the elements in the response, see Response parameters.
Endpoint URL for tenants¶
Copy and paste the following endpoint URL on your browser window.
URL Format
https://<IS_HOST>:<IS_PORT>/t/<TENANT_DOMAIN>/oauth2/jwks
Sample URL
https://localhost:9443/t/foo.com/oauth2/jwks
-
By default,
<IS_HOST>
is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified. -
By default,
<IS_HTTPS_PORT>
has been set to 9443. However, if the port offset has been incremented by n , the default port value needs to be incremented by n as well.
You will see the following response.
Response
{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "MTk5NjA3YjRkNGRmZmI4NTYyMzEzZWFhZGM1YzAyZWMyZTg0ZGQ4Yw",
"alg": "RS256",
"n": "0OA-yiyn_pCKnldZBq2KPnGplLuTEtGU7IZP66Wf7ElhFJ-kQ87BMKvZqVNDV84MSY3XQg0t0yL6gITg-W8op61PWO2UrEcxhhMHN_rra22Ae2OCaUfOr43cW1YFc54cYj5p7v-HSVvjTuNLGMMrNfTGAOCPzuLxbSHfq62uydU"
}
]
}
For information about the elements in the response, see Response parameters.
Response parameters¶
Property value | description |
---|---|
kty |
The public key type. |
e |
The exponent value of the public key. |
use |
Implies how the key is being used. The value |
kid |
The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature. |
alg |
The algorithm used to secure the JSON Web Signature. |
n |
The modulus value of the public key. |
For more information, see the JWKS specification.
Related topics