Setting up the JSON Web Key (JWK) Endpoint
The JWK endpoint is a URL that serves the public half of the RSA RS256 signing key as a JSON Web Key (JWK). The Hub uses it to validate signed request objects during the authorization flow.
This conforms with RFC 7517: JSON Web Key (JWK).
Attribute | Value | Description |
---|---|---|
Key Type | RSA | RSA asymmetric key pair |
Size | 2048 | Key size in bits |
Use | sig | Usage for signing, not encryption |
Algorithm | RS256 | Signing algorithm |
Requirements:
- The URL should be an HTTPS-secured public endpoint accessible on the internet
- The public key must correspond to the private key used to sign the RP request object
- The JWKS document hosted at this URL needs to include the following metadata:
  - "kty": "RSA" - Specifies this is an RSA key
  - "use": "sig" - Specifies that the key is used for signing
  - "alg": "RS256" - The algorithm should be RS256
  - "kid": - The unique identifier for this public key
```json
{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "public:77e90135-4a35-4d2f-a202-f919366a79d6",
      "alg": "RS256",
      "n": "ug9aO7opQaIcY3Yn_Gs....",
      "e": "AQAB"
    }
  ]
}
```
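A pre-registration check for a JWKS document against the requirements listed above, written as an added example and not code from the Hub or its documentation. The function name `check_jwks`, the `rp.example` URL and the sample key are assumptions, and the test for published private RSA members (the private parameters defined in RFC 7518) goes beyond what this page lists.

```python
import base64
import json
from urllib.parse import urlparse
REQUIRED = {"kty": "RSA", "use": "sig", "alg": "RS256"}   # values required by this page
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}  # RSA private parameters, RFC 7518

def b64url_to_int(value):
    """Decode an unpadded base64url string to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def int_to_b64url(number):  # helper used only to build the constructed sample
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_jwks(url, document):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlparse(url).scheme != "https":
        problems.append("endpoint is not HTTPS")
    try:
        keys = [dict(k) for k in json.loads(document)["keys"]]
    except (ValueError, KeyError, TypeError):
        return problems + ["document is not a JWKS object with a 'keys' array"]
    seen_kids = set()
    for i, key in enumerate(keys):
        for name, want in REQUIRED.items():
            if key.get(name) != want:
                problems.append(f"key {i}: {name} must be {want!r}")
        kid = key.get("kid")
        if not kid or kid in seen_kids:
            problems.append(f"key {i}: kid missing or duplicated")
        seen_kids.add(kid)
        leaked = PRIVATE_MEMBERS.intersection(key)  # private half must never be served
        if leaked:
            problems.append(f"key {i}: private members published: {sorted(leaked)}")
        try:
            bits = b64url_to_int(key["n"]).bit_length()
            b64url_to_int(key["e"])
        except (KeyError, ValueError, TypeError):
            problems.append(f"key {i}: n or e missing or not base64url")
            continue
        if bits != 2048:  # key size from the table on this page
            problems.append(f"key {i}: modulus is {bits} bits, expected 2048")
    return problems

# Constructed sample: a 2048-bit placeholder modulus, not a real key.
GOOD = json.dumps({"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "example-kid-1",
                             "n": int_to_b64url((1 << 2047) | 1), "e": "AQAB"}]})
```

Call `check_jwks(url, body)` with the endpoint URL and the response body you fetched from it; the function itself makes no network request.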