JWKS

pydantic model gafaelfawr.models.oidc.JWKS

Schema for the /.well-known/jwks.json endpoint.

Parameters:

data (Any)

Show JSON schema

{
   "title": "JWKS",
   "description": "Schema for the ``/.well-known/jwks.json`` endpoint.",
   "type": "object",
   "properties": {
      "keys": {
         "description": "Valid signing keys for OpenID Connect JWTs",
         "items": {
            "$ref": "#/$defs/JWK"
         },
         "title": "Signing keys",
         "type": "array"
      }
   },
   "$defs": {
      "JWK": {
         "description": "The schema for a JSON Web Key (RFCs 7517 and 7518).",
         "properties": {
            "alg": {
               "description": "Will always be ``RS256``",
               "examples": [
                  "RS256"
               ],
               "title": "Algorithm",
               "type": "string"
            },
            "kty": {
               "description": "Will always be ``RSA``",
               "examples": [
                  "RSA"
               ],
               "title": "Key type",
               "type": "string"
            },
            "use": {
               "description": "Will always be ``sig`` (signatures)",
               "examples": [
                  "sig"
               ],
               "title": "Key usage",
               "type": "string"
            },
            "kid": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "A name for the key, also used in the header of a JWT signed by that key. Allows the signer to have multiple valid keys at a time and thus support key rotation.",
               "examples": [
                  "some-key-id"
               ],
               "title": "Key ID"
            },
            "n": {
               "description": "Big-endian modulus component of the RSA public key encoded in URL-safe base64 without trailing padding",
               "examples": [
                  "ANKiIsSRoHb4n9xumf17III4O74-eYEMIb6KgGZmC9g7besYXa8vFi-FyHGhI9hUkaR0UeGLfsB18NWmdVmfGk1kiHOHVEXVjmr40FH8nGIU9Bh9bUwUlm18BEadHwoXCoiHW6Tm6cFNX8ANmOO3px99mpL5hd3Z2HFeKC230vpQ7ufbLj_QMIpFw3h-UOcJ9Yro_GFQB7tObL34HyrnzR-pS9DaAzQ0oGUwBHx-9b5iw75A2VEOraDoKgBlTuZgQpfGM8hJHJcEkg9htWceQfTCPAG7kP9p0K_bF3BM-8zXw53eE7g3Nd8Yz3875PrPIG7JeKWz7mef8YNmv331fXc"
               ],
               "title": "RSA modulus",
               "type": "string"
            },
            "e": {
               "description": "Big-endian exponent component of the RSA public key encoded in URL-safe base64 without trailing padding",
               "examples": [
                  "AQAB"
               ],
               "title": "RSA exponent",
               "type": "string"
            }
         },
         "required": [
            "alg",
            "kty",
            "use",
            "n",
            "e"
         ],
         "title": "JWK",
         "type": "object"
      }
   },
   "required": [
      "keys"
   ]
}

Fields:

• keys (list[gafaelfawr.models.oidc.JWK])

field keys: list[JWK] [Required]

Valid signing keys for OpenID Connect JWTs