Each key ID (
kid
) can only be registered once. Choose either direct or well-known registration for each unique key.Body
The type of key registration. One of
direct
or well_known
Contact email for the key registration.
The JSON Web Key object. Required for direct registration, null for well-known.
URL to your JWKS endpoint. Required for well-known registration, null for direct.
Well-Known Endpoint Requirements
If usingtype: "well_known"
, your endpoint must return a JWKS that meets these requirements:
- Must have a top-level field named
keys
that has a list as its value. - For a JWK (an item in list of
keys
) to be valid the following must be met:- JWK must be an object
- JWK must have a field named
kty
and it must be equal toRSA
- JWK must have a field
n
and it must be a string that is validn
for a JWK in accordance to the RFC - JWK must have a field
e
and it must be a string that is valide
for a JWK in accordance to the RFC - JWK can optionally have a field named
alg
but if it is provided the value must beRSA-OAEP-256
- JWK must have a field
kid
and it must be a string that is a validid
which will be passed ascid
when making requests to Method