Versions Compared

Old Version 1

changes.mady.by.user Kai Bjørnstad

Saved on

compared with

New Version Current

changes.mady.by.user Kai Bjørnstad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The jwks_uri  is the URL of the OpenID Providers JSON Web Key Set JSON Web Key Set (JWK) document. This contains the signing key(s) the client/RP can use to validate signatures from the OpenID Provider. This includes validation the signatures of the various tokens issues by the OpenID Provider.


The spesification specification defines two high level data structures: JWKS and JWK:

...

The jwks endpoint URL can be found by looking at the value of the "jwks_uri" key in the jwksopenid-configuration.

Typical format of the URL is:

...

Requesting the document is done by a normal HTTP GET request, without the need for any user or client authentication.

Note hovever however that the URL contains reference to the Security Domain.

Example request

Code Block
languagebash
themeMidnight
titleExample jwks_uri request
BASEURL="https://auth.buypass.no/auth/realms/SECURITYDOMAIN/protocol/openid-connect"; 

curl -i -w "\n" -H "Content-Type: application/x-www-form-urlencoded" ${BASEURL}/certs

...

The response, in terms of number of active keys and the various JWK parameters may vary depending on the key tope and Security Domain. The response uses the application/json media type.

Code Block
languagejs
themeMidnight
titleExample jwks_uri output (two keys)
{
  "keys": [
    {
      "kid": "oQzkkdLlojxj2yM0FaR5DI113i-WAy-gdgg0rk_aIGg",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "naXd8csjhsupCwslLApWD1VMiav4I2RS3o_inZMuDFXD59ZwCxG-R77-byjxFBEw3a9SlJRbbmJg2mraL2TxO9rm8bhhKozGx0AefocMqq5cucUSss7y4rCa912m63Tq8HQpmK5M1RLeXU9Kyrmqpzfr90tBMCZwaGYFptaVuLv6Sl77JXx2rJoxUtDiOcamtiJoWckaBsD7FPGUzQ6wUjKDZGjALWh0pj9snhuA-Sb6UKjJE9eDhWa8938EUBuESVwOaDWCW0ivs2QKIe2hyAhcATArC-qE1EehxgX9BVzZ6IYO3W4IqWgAzfNI3Zj8Zi-c6XPPTdxYej35AnCXww",
      "e": "AQAB"
    },
    {
      "kid": "sQbUNpCmxzvrOD3qtDdNM_IFSUNOi1JEirUxx5uaWG4",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "o89D21ssux63ehCw3Of6SmE_8RuwFNqq4vtkjRX8-tEPfEoJWY2QSTNqthznDzrlO7cgqE6u5JJaZnofuXEafmNWYKkJkcr7vNmKjdEj3dHnH278qohta9a3PwzwrAnO3enICDgjSZ7vi7-os4V3-phQOcMnyYxyffKlHFK5aVqvIfm55cbXu9hahN7tsJJttWaJc9wPsGo-9dGF9MqmYBROO-RCJ90zR7HJehbVddfzIBrHeQ8z0MIxO-YZfZP0aU9OTSKFBXwJD1QLMfRHS4f8Oj3WqCPjnB4yUtVQaRNzn5oRSLj_JTBL5O6KvBj7c-uS0x60GDWqH5HtargPbw",
      "e": "AQAB"
    }
  ]
}

...