sparse-father-97864
06/09/2024, 10:35 PM
chilly-king-10285
06/09/2024, 10:35 PM
chilly-king-10285
06/09/2024, 10:36 PM
The `jwks` configuration in the OAuth2 configuration is used to pass the client's JSON Web Key Set (JWK) document by value. This parameter is intended to be used by clients that, for some reason, are unable to use the `jwks_uri` parameter, for instance, by native applications that might not have a location to host the contents of the JWK Set. The semantics of the `jwks` parameter are the same as the `jwks_uri` parameter, other than that the JWK Set is passed by value, rather than by reference. If a client can use `jwks_uri`, it must not use `jwks`.

One significant downside of `jwks` is that it does not enable key rotation (which `jwks_uri` does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The `jwks_uri` and `jwks` parameters must not be used together.

Here is an example of how to register an RSA public key for an OAuth2 client using the `jwks` field:

```javascript
import { Configuration, OAuth2Api } from "@ory/client"

const ory = new OAuth2Api(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

export async function createOAuth2Client() {
  await ory.createOAuth2Client({
    oAuth2Client: {
      token_endpoint_auth_method: "private_key_jwt",
      token_endpoint_auth_signing_alg: "RS256", // or ES256, EdDSA; ...
      // ...

      // define the public key directly:
      jwks: {
        keys: [
          {
            kty: "RSA",
            n: "jL7h5wc-yeMUsHGJHc0xe9SbTdaLKXMHvcIHQck20Ji7SvrHPdTDQTvZtTDS_wJYbeShcCrliHvbJRSZhtEe0mPJpyWg3O_HkKy6_SyHepLK-_BR7HfcXYB6pVJCG3BW-lVMY7gl5sULFA74kNZH50h8hdmyWC9JgOHn0n3YLdaxSWlhctuwNPSwqwzY4qtN7_CZub81SXWpKiwj4UpyB10b8rM8qn35FS1hfsaFCVi0gQpd4vFDgFyqqpmiwq8oMr8RZ2mf0NMKCP3RXnMhy9Yq8O7lgG2t6g1g9noWbzZDUZNc54tv4WGFJ_rJZRz0jE_GR6v5sdqsDTdjFquPlQ",
            e: "AQAB",
            use: "sig",
            kid: "some-key-id",
          },
        ],
      },
    },
  })
}
```
Sources:
- [Ory Hydra API - oAuth2](https://www.ory.sh/docs/hydra/reference/api)
- [Registering the client's public key](https://www.ory.sh/docs/hydra/guides/jwt#registering-the-clients-public-key)