Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> In oauth2 yaml config, how do I add a custom JWKS to the .well-known endpoint?

To add a custom JSON Web Key Set (JWKS) to the `/.well-known/jwks.json` endpoint in your OAuth2 configuration, you need to use the `ory patch oauth2-config` command. Here's an example of how to do it:  ```bash ory patch oauth2-config --project &lt;project-id&gt; --workspace &lt;workspace-id&gt; \   --add '/webfinger/jwks/broadcast_keys/-="custom_keyset"' ```  In this command, replace `&lt;project-id&gt;` and `&lt;workspace-id&gt;` with your project's ID and workspace ID, respectively. `"custom_keyset"` should be replaced with the name of your custom keyset.  Before you can add a custom keyset, you need to create it. For more information on how to create a custom keyset, you can refer to the `ory create jwk` command in the Ory documentation.  Please note that the `/.well-known/jwks.json` file is a standard endpoint that contains the public keys for verifying ID tokens and JWT access tokens. Ory OAuth2 and OpenID Connect expose this endpoint by default for each Ory Network project.  Source: [Ory Documentation](<https://www.ory.sh/docs/hydra/jwks#the-role-of-well-knownjwksjson>)