JWKS
/jwks_uri endpoint for signature public keys.
Definition
JWKS exposes a JSON {keys: [...]}. Each key contains kty (RSA, EC, oct), kid (key ID), use (sig/enc), alg (RS256, ES256), n+e (RSA), x+y+crv (EC). Standard rotation: add new key, wait 24-48h propagation, delete old. Cache TTL typically 1h.
Origin
IETF JOSE WG ; RFC 7517 published May 2015.
Example in context
An API service validates an Auth0 access token by fetching the JWKS at https://tenant.auth0.com/.well-known/jwks.json.
Related terms
- JWS — consumes keys.