Skip to content

JWKS Endpoints

These endpoints allow you to retrieve the public keys needed to verify any access token issued by our authorization server (iss=nopwd.io).

Nopwd uses the JSON Web Key (JWK) specification to represent the cryptographic keys used for signing P256 tokens. This specification defines two high-level data structures: JSON Web Key (JWK) and JSON Web Key Set (JWKS). The public key is in the JWKS Format, enabling you to verify the signature of all generated access tokens.

MethodResourcePurpose
GET/jwks/:kidReturns a specific JSON Web Key (JWK)
GET/jwksReturns a set of JSON Web Keys (JWKS)

GET /jwks/:kid

Returns a JWK identified by its kid.

Parameters

ParamTypeMandatoryDescription
:kidPathYesThe unique identifier for the signing key

Response

interface Jwk {
kid: string; // The unique identifier for the key
kty: string; // The family of cryptographic algorithms used with the key (we use EC)
crv: string; // The curve used, which is "P-256"
x: string; // The x coordinate of the elliptic curve (base64 url safe)
y: string; // The y coordinate of the elliptic curve (base64 url safe)
}

Response Codes

CodeDescription
200Request was successful.
404The key doesn’t exist or has been revoked.

Usage

const response = await fetch(`https://api.nopwd.io/v0/jwks/${kid}`);
const jwk = await response.json();

GET /jwks

Returns all valid JSON Web Keys (JWKs).

Response

interface Jwks {
keys: Jwk[]
}

Response Codes

CodeDescription
200Request was successful.

Usage

const response = await fetch("https://api.nopwd.io/v0/jwks");
const jwks = await response.json();