sparse-father-97864
06/09/2024, 10:35 PMchilly-king-10285
06/09/2024, 10:35 PMchilly-king-10285
06/09/2024, 10:36 PM
jwks configuration in the OAuth2 configuration is used to pass the client's JSON Web Key Set (JWK) document by value. This parameter is intended to be used by clients that, for some reason, are unable to use the jwks_uri parameter, for instance, by native applications that might not have a location to host the contents of the JWK Set.

The semantics of the jwks parameter are the same as the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. If a client can use jwks_uri, it must not use jwks. One significant downside of jwks is that it does not enable key rotation (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks parameters must not be used together.

Here is an example of how to register an RSA public key for an OAuth2 client using the jwks field:

```javascript
import { Configuration, OAuth2Api } from "@ory/client"

const ory = new OAuth2Api(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

export async function createOAuth2Client() {
  await ory.createOAuth2Client({
    oAuth2Client: {
      token_endpoint_auth_method: "private_key_jwt",
      token_endpoint_auth_signing_alg: "RS256", // or ES256, EdDSA; ...
      // ...
      // define the public key directly:
      jwks: {
        keys: [
          {
            kty: "RSA",
            n: "jL7h5wc-yeMUsHGJHc0xe9SbTdaLKXMHvcIHQck20Ji7SvrHPdTDQTvZtTDS_wJYbeShcCrliHvbJRSZhtEe0mPJpyWg3O_HkKy6_SyHepLK-_BR7HfcXYB6pVJCG3BW-lVMY7gl5sULFA74kNZH50h8hdmyWC9JgOHn0n3YLdaxSWlhctuwNPSwqwzY4qtN7_CZub81SXWpKiwj4UpyB10b8rM8qn35FS1hfsaFCVi0gQpd4vFDgFyqqpmiwq8oMr8RZ2mf0NMKCP3RXnMhy9Yq8O7lgG2t6g1g9noWbzZDUZNc54tv4WGFJ_rJZRz0jE_GR6v5sdqsDTdjFquPlQ",
            e: "AQAB",
            use: "sig",
            kid: "some-key-id",
          },
        ],
      },
    },
  })
}
```

Sources:
- [Ory Hydra API - oAuth2](https://www.ory.sh/docs/hydra/reference/api)
- [Registering the client's public key](https://www.ory.sh/docs/hydra/guides/jwt#registering-the-clients-public-key)