JWKS

JWK set settings for an OAuth / OIDC client

In order to verify a signature of request objects coming from a client, or to provide encrypted ID tokens to a client, you have to register the client's public key to IDPartner for signature verification and/or message encryption.

The following example illustrates the usage of mkjwk.org service to generate a key pair for encryption.

By clicking “Generate” button, the tool shows the generated keys in various formats. We will use “Public and Private Keypair Set” in this example.

The original JWK set is as follows.

{
    "keys": [
        {
            "kty": "EC",
            "d": "4AEnTq3H8gcIutIoJCCZuv9GgWdKRaoJIXQkdM8r0UA",
            "use": "enc",
            "crv": "P-256",
            "kid": "_agec7UaYVN4c3RZQJQhUuR6nFSnqEXywv3QaIfFRFk",
            "x": "ilLNQ-Lcp_t5DBs9puJVI3JhwqlMndTILjkBrNd3Dsc",
            "y": "3Uy7NIHilkOWviGXMRIl2ZUE4L7Mc8ub4VhosE3l8t8"
        }
    ]
}

Remove a private key below.

"d": "4AEnTq3H8gcIutIoJCCZuv9GgWdKRaoJIXQkdM8r0UA",

The result is as follows.

{
    "keys": [
        {
            "kty": "EC",
            "use": "enc",
            "crv": "P-256",
            "kid": "_agec7UaYVN4c3RZQJQhUuR6nFSnqEXywv3QaIfFRFk",
            "x": "ilLNQ-Lcp_t5DBs9puJVI3JhwqlMndTILjkBrNd3Dsc",
            "y": "3Uy7NIHilkOWviGXMRIl2ZUE4L7Mc8ub4VhosE3l8t8"
        }
    ]
}

This JSON document is to be used as a JWK set of the client's public key.

Last updated