Setting up the JSON Web Key (JWK) Endpoint
The JWK endpoint is a URL that serves the public JSON Web Key (JWK) for the RSA signing key used with RS256. The Hub uses this key to validate signed request objects during the authorization flow.
The document format conforms to RFC 7517, JSON Web Key (JWK), as a JWK Set (JWKS).
| Attribute | Value | Description |
|---|---|---|
| Key Type | RSA | RSA asymmetric key pair |
| Size | 2048 | Key size in bits |
| Use | sig | Usage for signing, not encryption |
| Algorithm | RS256 | Signing algorithm |
Requirements:
- The URL should be an HTTPS-secured public endpoint accessible on the internet
- The published public key needs to correspond to the private key used to sign the RP request object
- The JWKS document hosted at this URL needs to include the following metadata:
  - "kty": "RSA" - Specifies this is an RSA key
  - "use": "sig" - Specifies that the key is used for signing
  - "alg": "RS256" - The algorithm should be RS256
  - "kid": - The unique identifier for this public key
```json
{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "public:77e90135-4a35-4d2f-a202-f919366a79d6",
      "alg": "RS256",
      "n": "ug9aO7opQaIcY3Yn_Gs....",
      "e": "AQAB"
    }
  ]
}
```
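One way to check a JWKS document against the requirements above before registering the URL. This is an added example, not code from the Hub or from this documentation; the function names, the `rp.example` URL and the sample key are constructed, and the checks for published private-key members and duplicate `kid` values go beyond the listed requirements.

```python
import base64
import json
from urllib.parse import urlparse

REQUIRED = {"kty": "RSA", "use": "sig", "alg": "RS256"}    # values from the table above
PRIVATE_PARAMS = {"d", "p", "q", "dp", "dq", "qi", "oth"}  # RSA private members (RFC 7518)
KEY_BITS = 2048

def b64url_to_int(value):
    """Decode an unpadded base64url string (as used for "n" and "e") to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def check_jwks(url, document):
    """Return a list of problems; an empty list means the requirements are met."""
    problems = []
    if urlparse(url).scheme != "https":
        problems.append("endpoint URL is not HTTPS")
    keys = json.loads(document).get("keys")
    if not isinstance(keys, list) or not keys:
        return problems + ['document has no "keys" array']
    seen_kids = set()
    for i, key in enumerate(keys):
        for member, expected in REQUIRED.items():
            if key.get(member) != expected:
                problems.append(f'keys[{i}]: "{member}" must be "{expected}"')
        kid = key.get("kid")
        if not isinstance(kid, str) or not kid:
            problems.append(f'keys[{i}]: missing "kid"')
        elif kid in seen_kids:
            problems.append(f'keys[{i}]: duplicate "kid" {kid}')
        else:
            seen_kids.add(kid)
        leaked = sorted(PRIVATE_PARAMS.intersection(key))
        if leaked:
            problems.append(f"keys[{i}]: private key members published: {leaked}")
        try:
            bits = b64url_to_int(key["n"]).bit_length()
            b64url_to_int(key["e"])
        except (KeyError, TypeError, ValueError):
            problems.append(f'keys[{i}]: "n"/"e" missing or not base64url')
        else:
            if bits != KEY_BITS:
                problems.append(f"keys[{i}]: modulus is {bits} bits, expected {KEY_BITS}")
    return problems

# Constructed sample: "n" is 256 filler bytes with the top bit set, not a real RSA modulus.
_N = base64.urlsafe_b64encode(b"\x80" + b"\x01" * 255).rstrip(b"=").decode()
SAMPLE = json.dumps({"keys": [{"use": "sig", "kty": "RSA", "kid": "public:example-kid",
                               "alg": "RS256", "n": _N, "e": "AQAB"}]})
```

The check covers document structure only; it does not prove that the published key matches the private key used to sign the request object.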