JWT Verification
A JWT can be verified by using either the public key or JSON Web Key Set from either of the below requests.
Note: The below keys are examples only and keys are subject to rotation.
Get Public Key
Request
GET /.well-known/public-key HTTP/1.1
"""
-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApDqqppav1vaoaEtwnEIK
f0ncqWe6qYS6I9AknQPPgSyt8pc6VmSj6tdg5ODlLwHBpwObxOE3nTFJYp8LSdOp
Xw6tLDpbFH5w76H0Y6sjvwfSVjD+Z3HH/ynhqoNn4DfsRQiUCBBMf1DoMplG6tl9
NTSKl6uxujuATP5EI07pwz0CNzyXR/KdNphPyOD0aDhJujRS+B75v+PmAxY/kdxO
6RimrxDheJQAZ0hM3OzzDYO+YIvH8OnvPXoouZZl+6Iny0Vs6dEE+m0QXWj/FCMM
qH9jJFBVa4jX7Jw+IkPCt6qZmDX1ivathmlDDhn7vInkpNvudRhGG/i4shJ0xkyP
P7HTwXybzE65wUeMD0DVje40HL4OscUJW/kTc8VrsOYOACV8BzPWC6kAXNVcKbMD
nMM3fA9iW6zbkJkMAmE9zrb1u/zziKcUvA7TkgmqvzlyLTtlPW7fKdb9PzLv0yAL
mLkbFIMRTFGI7htaqIS2GJ0ZiEAcoAZBsoITr2FMWqflAgMBAAE=
-----END PUBLIC KEY-----
"""
Get JWKS
Request
GET /.well-known/jwks.json HTTP/1.1
Response
{
"keys": [
{
"kty": "RSA",
"n": "pDqqppav1vaoaEtwnEIKf0ncqWe6qYS6I9AknQPPgSyt8pc6VmSj6tdg5ODlLwHBpwObxOE3nTFJYp8LSdOpXw6tLDpbFH5w76H0Y6sjvwfSVjD-Z3HH_ynhqoNn4DfsRQiUCBBMf1DoMplG6tl9NTSKl6uxujuATP5EI07pwz0CNzyXR_KdNphPyOD0aDhJujRS-B75v-PmAxY_kdxO6RimrxDheJQAZ0hM3OzzDYO-YIvH8OnvPXoouZZl-6Iny0Vs6dEE-m0QXWj_FCMMqH9jJFBVa4jX7Jw-IkPCt6qZmDX1ivathmlDDhn7vInkpNvudRhGG_i4shJ0xkyPP7HTwXybzE65wUeMD0DVje40HL4OscUJW_kTc8VrsOYOACV8BzPWC6kAXNVcKbMDnMM3fA9iW6zbkJkMAmE9zrb1u_zziKcUvA7TkgmqvzlyLTtlPW7fKdb9PzLv0yALmLkbFIMRTFGI7htaqIS2GJ0ZiEAcoAZBsoITr2FMWqfl",
"e": "AQAB"
}
]
}