GET /oauth/jwks
Schibsted account publishes the public part of the RSA keys used to sign tokens on the /oauth/jwks
endpoint. This enables applications to verify the validity of tokens without making a request to /oauth/introspect.
The JWK and JWKS formats are defined by RFC 7517.
A list of libraries in different programming languages that supports verifying the signature of JWS can be found on https://jwt.io.
Request
GET /oauth/jwks
Response
HTTP/1.1 200 OK
Content-Length: 3952
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT
{
"keys": [
{
"kty": "RSA",
"alg": "RS256",
"kid": "91553059-9dc7-4612-9be9-ea38b7c6a128",
"use": "sig",
"n": "uUjYpiIg...MNEb7LJQ",
"e": "AQAB"
},
{
"kty": "RSA",
"alg": "RS256",
"kid": "43455776-8c74-4147-8635-8af3479358a5",
"use": "sig",
"n": "rCfVl0by...seOoZFnQ",
"e": "AQAB"
}
]
}
See also
- POST /oauth/token
- POST /oauth/register
- POST /oauth/ro
- POST /oauth/introspect
- GET /oauth/userinfo
- GET /oauth/authorize
Help us improve
Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).
Comments/feedback
Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.