
Obtain Key Set Using JSON Web Key Set

The JSON Web Key Set (JWKS) endpoint is a read-only endpoint that returns the Identity Server's public key set in the JWKS format.

Follow this guide when your relying party (RP) application needs to validate the signatures of JWTs issued by WSO2 Identity Server.


Endpoint URL for super tenant

Paste the following endpoint URL into your browser's address bar.

URL Format

https://<IS_HOST>:<IS_HTTPS_PORT>/oauth2/jwks


Sample URL

https://localhost:9443/oauth2/jwks

  • By default, <IS_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.

  • By default, <IS_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n as well.

You will see the following response.

Response

{
    "keys": [
        {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "kid": "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ",
        "alg": "RS256",
        "n": "luZFdW1ynitztkWLC6xKegbRWxky-5P0p4ShYEOkHs30QI2VCuR6Qo4Bz5rTgLBrky03W1GAVrZxuvKRGj9V9-PmjdGtau4CTXu9pLLcqnruaczoSdvBYA3lS9a7zgFU0-s6kMl2EhB-rk7gXluEep7lIOenzfl2f6IoTKa2fVgVd3YKiSGsyL4tztS70vmmX121qm0sTJdKWP4HxXyqK9neolXI9fYyHOYILVNZ69z_73OOVhkh_mvTmWZLM7GM6sApmyLX6OXUp8z0pkY-vT_9-zRxxQs7GurC4_C1nK3rI_0ySUgGEafO1atNjYmlFN-M3tZX6nEcA6g94IavyQ"
        }
    ]
}

For information about the elements in the response, see Response parameters.


Endpoint URL for tenants

Paste the following endpoint URL into your browser's address bar.

URL Format

https://<IS_HOST>:<IS_HTTPS_PORT>/t/<TENANT_DOMAIN>/oauth2/jwks


Sample URL

https://localhost:9443/t/foo.com/oauth2/jwks

  • By default, <IS_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.

  • By default, <IS_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n as well.

You will see the following response.

Response

{
    "keys": [
        {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "kid": "MTk5NjA3YjRkNGRmZmI4NTYyMzEzZWFhZGM1YzAyZWMyZTg0ZGQ4Yw",
        "alg": "RS256",
        "n": "0OA-yiyn_pCKnldZBq2KPnGplLuTEtGU7IZP66Wf7ElhFJ-kQ87BMKvZqVNDV84MSY3XQg0t0yL6gITg-W8op61PWO2UrEcxhhMHN_rra22Ae2OCaUfOr43cW1YFc54cYj5p7v-HSVvjTuNLGMMrNfTGAOCPzuLxbSHfq62uydU"
        }
    ]
}

For information about the elements in the response, see Response parameters.


Response parameters

Property value   Description
kty              The public key type.
e                The exponent value of the public key.
use              Implies how the key is being used. The value sig represents signature.
kid              The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature.
alg              The algorithm used to secure the JSON Web Signature.
n                The modulus value of the public key.

For more information, see the JWKS specification.
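
How a relying party uses the fields above, as an added example that is not WSO2 code: it selects the key by kid from the super-tenant sample response on this page, decodes n and e, and checks an RS256 signature using only the Python standard library. The function names (b64url, select_key, verify_rs256) are this example's own.

```python
import base64, hashlib, hmac, json

# The super-tenant sample response from this page, as a Python dict.
JWKS = {"keys": [{
    "kty": "RSA", "e": "AQAB", "use": "sig", "alg": "RS256",
    "kid": "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ",
    "n": "luZFdW1ynitztkWLC6xKegbRWxky-5P0p4ShYEOkHs30QI2VCuR6Qo4Bz5rTgLBrky03W1GAVrZxuvKRGj9V9-PmjdGtau4CTXu9pLLcqnruaczoSdvBYA3lS9a7zgFU0-s6kMl2EhB-rk7gXluEep7lIOenzfl2f6IoTKa2fVgVd3YKiSGsyL4tztS70vmmX121qm0sTJdKWP4HxXyqK9neolXI9fYyHOYILVNZ69z_73OOVhkh_mvTmWZLM7GM6sApmyLX6OXUp8z0pkY-vT_9-zRxxQs7GurC4_C1nK3rI_0ySUgGEafO1atNjYmlFN-M3tZX6nEcA6g94IavyQ",
}]}

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(text):
    """Decode unpadded base64url, the encoding used for JWT parts and JWK fields."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def select_key(token, jwks):
    """Return (n, e) of the JWKS key named by the token's kid, or raise ValueError."""
    header = json.loads(b64url(token.split(".")[0]))
    # Pin the algorithm: never let the token's header pick it ("none", "HS256", ...).
    if not isinstance(header, dict) or header.get("alg") != "RS256" or not header.get("kid"):
        raise ValueError("token must be RS256 and carry a kid")
    for jwk in jwks["keys"]:
        if jwk.get("kid") != header["kid"]:
            continue
        if (jwk.get("kty"), jwk.get("use", "sig"), jwk.get("alg", "RS256")) != ("RSA", "sig", "RS256"):
            raise ValueError("key is not an RS256 signing key")
        return int.from_bytes(b64url(jwk["n"]), "big"), int.from_bytes(b64url(jwk["e"]), "big")
    raise ValueError("kid not present in JWKS")

def verify_rs256(token, jwks):
    """True only if the token's signature verifies under the selected key."""
    n, e = select_key(token, jwks)
    signing_input, _, sig_b64 = token.rpartition(".")
    sig, k = b64url(sig_b64), (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    # Rebuild the expected EMSA-PKCS1-v1_5 block and compare it whole, not parsed.
    digest = hashlib.sha256(signing_input.encode()).digest()
    pad = b"\xff" * (k - 3 - len(SHA256_PREFIX) - len(digest))
    return hmac.compare_digest(em, b"\x00\x01" + pad + b"\x00" + SHA256_PREFIX + digest)
```

This covers key selection and the signature only; a relying party also checks claims such as iss, aud and exp, and would normally rely on a maintained JOSE library for all of it.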
