GET /oauth/jwks

Schibsted account publishes the public part of the RSA keys used to sign tokens on the /oauth/jwks endpoint. This enables applications to verify the validity of tokens without making a request to /oauth/introspect.

The JWK and JWKS formats are defined by RFC 7517.

A list of libraries in different programming languages that supports verifying the signature of JWS can be found on https://jwt.io.

Request

GET /oauth/jwks

Response

HTTP/1.1 200 OK
Content-Length: 3952
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT

{
    "keys": [
        {
            "kty": "RSA",
            "alg": "RS256",
            "kid": "91553059-9dc7-4612-9be9-ea38b7c6a128",
            "use": "sig",
            "n": "uUjYpiIg...MNEb7LJQ",
            "e": "AQAB"
        },
        {
            "kty": "RSA",
            "alg": "RS256",
            "kid": "43455776-8c74-4147-8635-8af3479358a5",
            "use": "sig",
            "n": "rCfVl0by...seOoZFnQ",
            "e": "AQAB"
        }
    ]
}

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.