PingOne Platform APIs

Read JWKS

GET {{authPath}}/{{envID}}/as/jwks

The GET /{{envID}}/as/jwks endpoint returns the JSON Web Key Set (JWK) document as defined by RFC 7517. This document contains the public keys along with metadata that can be used to validate JWT signatures. This set includes an aggregate of all Key Rotation Policy (KRP) keys of all KRPs in an environment.

The following parameters are shown for each key:

  • kty

    The is the key type, which identifies the cryptographic algorithm family used with the key. Options are RSA.

  • e

    This is the RSA public exponent parameter, which is used in the RSA Key blinding operation.

  • kid

    This is the key ID parameter, which is used to match a corresponding kid key value in the JWT token to validate the requestor and grant access to the specified API endpoint.

  • use

    This is the public key use parameter, which identifies the intended use of the public key. Options are sig (signature) and enc (encryption).

  • n

    This is the RSA modulus parameter, which is used in the RSA Key blinding operation.

  • x5t

    This is an X.509 certificate SHA-1 thumbprint parameter, which is a base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate.

  • x5c

    This is an X.509 certificate chain parameter, which is a chain of one or more PKIX certificates.

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/jwks'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/jwks")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/jwks"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
GET /{{envID}}/as/jwks HTTP/1.1
Host: {{authPath}}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/jwks")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/jwks",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/jwks',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/jwks"

payload = {}
headers = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/jwks');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/jwks")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/jwks")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "keys": [
        {
            "kty": "RSA",
            "e": "AQAB",
            "use": "sig",
            "x5t": "Za6ddv8nZnWoqvY6z61fiP8QwEo",
            "kid": "default",
            "x5c": [
                "MIIDLDCCAhSgAwIBAgIGAWW17v5GMA0GCSqG..."
            ],
            "n": "jgQ8twHSmSlT28I7iTi4-IsA3jgfhGPx0pIC27LTDf0..."
        }
    ]
}