<@U04UQ68083H> when I add a JWKS over the ory API ...
# ory-copilot
s
@chilly-king-10285 when I add a JWKS over the ory API will it show up in the list of keys returned by the `/.well-known/jwks.json` endpoint?
c
A message from kapa.ai
Yes, when you add a JSON Web Key Set (JWKS) over the Ory API, it should show up in the list of keys returned by the `/.well-known/jwks.json` endpoint. This endpoint is a standard that contains the public keys for verifying ID tokens and JWT access tokens. Ory OAuth2 and OpenID Connect expose this endpoint by default for each Ory Network project. You can access it at the following URL: `https://{project.slug}.projects.oryapis.com/.well-known/jwks.json`. This endpoint returns JSON Web Keys required for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT Access Tokens. It can be used with client libraries like node-jwks-rsa among others. For more details, you can refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and [Ory Hydra API Reference](https://www.ory.sh/docs/hydra/reference/api).
s
@chilly-king-10285 on my ory network instance, I added a key set named `test-key-set` with one key in it. The key used the ES256 algorithm. I added it using a CLI command like `ory create jwk test-key-set --alg ES256 --format json-pretty > test-key-set.json`. However, after creating it I go to the `/.well-known/jwks.json` endpoint and I see no keys that match the kid of the key I created. Why would this be?
c
A message from kapa.ai
The issue you're experiencing could be due to a variety of reasons. Here are a few possibilities:

1. Propagation Delay: After creating the key, there might be a slight delay before the key is propagated and becomes visible at the `/.well-known/jwks.json` endpoint.
2. Project Mismatch: Ensure that the key was created for the correct project. The `/.well-known/jwks.json` endpoint is specific to each Ory Network project. If the key was created for a different project, it won't appear in the JWKS of the current project.
3. Key Visibility: The `ory create jwk` command has a `--public` flag that, when set, only returns public keys. If this flag was set when creating the key, and the key is not public, it won't appear in the JWKS.
4. Incorrect Key ID: Ensure that the `kid` (key ID) you're looking for matches exactly with the `kid` of the created key. The `kid` is used to match a specific key within a JWK Set.

If none of these possibilities explain the issue, it might be a good idea to reach out to Ory's support for further assistance. For more details, you can refer to the [Ory CLI Documentation](https://www.ory.sh/docs/cli/ory-create-jwk#ory-create-jwk) and [Ory Hydra Documentation](https://www.ory.sh/docs/hydra/jwks#the-role-of-well-knownjwksjson).