This tool validates JWKS endpoints by fetching the JWKS document from the specified URL and validating that the JWK (key) is valid. It also checks for common misconfigurations and provides feedback on what is incorrect according to standards.
This tool validates JWKS endpoints by fetching the JWKS document from the specified URL and validating that the JWK (key) is valid. It also checks for common misconfigurations and provides feedback on what is incorrect according to standards.
A JSON Web Key Set (JWKS) contains the public keys used to verify JSON Web Tokens (JWTs) issued by an authorization server.
JWKS endpoints are commonly found at /.well-known/jwks.json.
Example: https://example.com/.well-known/jwks.json
Google: https://www.googleapis.com/oauth2/v3/certs