Get the JWKs URL
A JSON Web Key (JWK) is a JSON data structure that represents a cryptographic key.
A JWK Set (JWKS) is a JSON data structure that represents a set of JWKs.
If you are using your Open Banking certificate, you should receive your JWKs URL from the Open Banking Directory.
If you are using your eIDAS certificate, you will need to publish your JWKS under a publicly available URL.
If you are testing and using services such as pastebin to temporarily host the JWKS, make sure that you provide the URL of the raw JSON and not the HTML web page displaying it.
The JWKs URL can include several JWKs (a JWKS), but it must contain at least the public signing key which will be used in the requests. The JWT must contain the following fields:
| JWK mandatory fields | Description |
|---|---|
kid | The key ID that is used to match a specific key. |
kty | The cryptographic algorithm family used with the key. |
e | Contains the exponent value for the RSA public key, represented as a Base64urlUInt-encoded value. |
n | Contains the modulus value for the RSA public key, represented as a Base64urlUInt-encoded value. This can be generated using the following command: openssl x509 -noout -modulus -in signing.pem | cut -c 9- | xxd -r -p | base64 | tr '/+' '_-' | tr -d '=' |
use | The intended use of the public key. Must be set to sig for signing keys. |
x5c | An array containing the base64-encoded .der signing certificate. |
As an example, you can see here our production JWKS.
Validate your JWK
You can use the following form to check if your JWK is valid. To do that, copy and paste the full contents of your JWK below and click Test.