Setting up the JSON Web Key (JWK) Endpoint

The JWK endpoint is a URL that serves the JSON Web Key (JWK) for the public half of the RSA RS256 signing key. The Hub uses it to validate signed request objects during the authorization flow.

This conforms to RFC 7517: JSON Web Key (JWK), which also defines the JWK Set (JWKS) format.

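| Attribute | Value | Description                       |
|-----------|-------|-----------------------------------|
| Key Type  | RSA   | RSA asymmetric key pair           |
| Size      | 2048  | Key size in bits                  |
| Use       | sig   | Usage for signing, not encryption |
| Algorithm | RS256 | Signing algorithm                 |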

Requirements:

  • URL should be an HTTPS-secured public endpoint accessible on the internet
  • This public key needs to be associated with the private key used to sign the RP request object
  • The JWKS document hosted at this URL needs to include the following metadata:
    • "kty": "RSA" - Specifies this is an RSA key
    • "use": "sig" - Specifies that the key is used for signing
    • "alg": "RS256" - The algorithm should be RS256
    • "kid" - The unique identifier for this public key

Example JWKS document:

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "public:77e90135-4a35-4d2f-a202-f919366a79d6",
      "alg": "RS256",
      "n": "ug9aO7opQaIcY3Yn_Gs....",
      "e": "AQAB"
    }
  ]
}
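
A pre-publication check for the requirements above, written as an added example (not code from the Hub or its documentation). It verifies the HTTPS scheme, the required metadata, the 2048-bit modulus size, and that no RSA private-key members have ended up in the public document. The URL `https://rp.example.com/jwks.json`, the `example-kid` identifier and the sample modulus are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlparse

REQUIRED = {"kty": "RSA", "use": "sig", "alg": "RS256"}     # values listed on this page
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}  # RSA private parameters (RFC 7518)

def b64url_to_int(value):
    """Decode an unpadded base64url string, as used for "n" and "e", to an integer."""
    return int.from_bytes(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)), "big")

def int_to_b64url(number):
    """Inverse of b64url_to_int; only used to build the constructed sample below."""
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_jwks(url, document, bits=2048):
    """Return a list of problems; an empty list means every check passed."""
    problems = [] if urlparse(url).scheme == "https" else ["endpoint URL is not HTTPS"]
    keys = json.loads(document).get("keys")
    if not isinstance(keys, list) or not keys:
        return problems + ['missing or empty "keys" array']
    seen = set()
    for i, key in enumerate(keys):
        kid = key.get("kid")
        label = kid or f"keys[{i}]"
        for member, expected in REQUIRED.items():
            if key.get(member) != expected:
                problems.append(f'{label}: "{member}" must be "{expected}"')
        if not kid or kid in seen:
            problems.append(f'{label}: "kid" missing or not unique')
        seen.add(kid)
        leaked = sorted(PRIVATE_MEMBERS & key.keys())
        if leaked:
            problems.append(f"{label}: private key members published: {leaked}")
        try:
            size = b64url_to_int(key["n"]).bit_length()
            b64url_to_int(key["e"])
        except (KeyError, TypeError, ValueError):
            problems.append(f'{label}: "n" or "e" missing or not base64url')
            continue
        if size != bits:
            problems.append(f"{label}: modulus is {size} bits, expected {bits}")
    return problems

# Constructed sample: the modulus is a placeholder 2048-bit number, not a real RSA key.
SAMPLE_KEY = {"use": "sig", "kty": "RSA", "kid": "example-kid", "alg": "RS256",
              "n": int_to_b64url((1 << 2047) | 1), "e": "AQAB"}
SAMPLE = json.dumps({"keys": [SAMPLE_KEY]})
print(check_jwks("https://rp.example.com/jwks.json", SAMPLE))  # []
```

Run it against the document you intend to host before registering the URL; any non-empty result names the key and the requirement it fails.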