Get JWKS - Stytch Docs

  curl --request GET \
      --url https://${projectDomain}/.well-known/jwks.json

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "key_ops": [
        "verify"
      ],
      "alg": "RS256",
      "kid": "jwk-test-78d89caa-f3aa-4e00-9000-cc0000000b00",
      "x5c": [
        "MIICv..."
      ],
      "x5tS256": "FyV...=",
      "n": "0000...",
      "e": "AQAB"
    }
  ],
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

  curl --request GET \
      --url https://${projectDomain}/.well-known/jwks.json

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "key_ops": [
        "verify"
      ],
      "alg": "RS256",
      "kid": "jwk-test-78d89caa-f3aa-4e00-9000-cc0000000b00",
      "x5c": [
        "MIICv..."
      ],
      "x5tS256": "FyV...=",
      "n": "0000...",
      "e": "AQAB"
    }
  ],
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

  curl --request GET \
      --url https://${projectDomain}/.well-known/jwks.json

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "key_ops": [
        "verify"
      ],
      "alg": "RS256",
      "kid": "jwk-test-78d89caa-f3aa-4e00-9000-cc0000000b00",
      "x5c": [
        "MIICv..."
      ],
      "x5tS256": "FyV...=",
      "n": "0000...",
      "e": "AQAB"
    }
  ],
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

GET

https://${projectdomain}

.well-known

jwks.json

  curl --request GET \
      --url https://${projectDomain}/.well-known/jwks.json

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "key_ops": [
        "verify"
      ],
      "alg": "RS256",
      "kid": "jwk-test-78d89caa-f3aa-4e00-9000-cc0000000b00",
      "x5c": [
        "MIICv..."
      ],
      "x5tS256": "FyV...=",
      "n": "0000...",
      "e": "AQAB"
    }
  ],
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

Get the JSON Web Key Set (JWKS) for your Stytch project. This is the same JWKS used in the session JWKS endpoint. This endpoint uses your Custom Domain. Within the JWKS, the JSON Web Keys are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key, and both keys will be returned by this endpoint for a period of 1 month. JWKS can be used to validate your Connected App’s access tokens and ID tokens. If you’re using one of our backend SDKs, the JSON Web Key (JWK) rotation will be handled for you. If you’re using your own JWT validation library, many have built-in support for JWK rotation, and you’ll just need to supply this API endpoint. If not, your application should decide which JWK to use for validation by inspecting the kid value. No authentication is needed for this endpoint. This endpoint displays JSON Web Keys as described in RFC-7517. See our blog for more information on JSON Web Keys.

We recommend using the Custom Domain whenever possible. For backwards compatibility reasons, this endpoint is also available at https://test.stytch.com/v1/public/${projectId}/.well-known/jwks.json.

Response

keys

array

An array of JWK objects.

request_id

string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code

number

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

⌘I

​Response

Response