To list all JSON Web Key (JWK) keys for a project in Ory, you can use the following methods: 1. Using the Ory CLI: You can use the

ory get jwk

command to list the JSON Web Keys for a project. Here's an example:

ory get jwk <set-id>

You can specify multiple set IDs if needed. To get only public keys, you can add the

--public

flag [Ory CLI documentation](https://www.ory.sh/docs/cli/ory-get-jwk). 2. Using the Ory API: You can make a GET request to the

/admin/keys/{set}

endpoint. The

set

parameter corresponds to the specific set of keys you want to retrieve. For example, to get the default keys used for signing JWT Access Tokens, you would use

hydra.jwt.access-token

as the set ID [JSON Web Token validation documentation](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#json-web-token-validation). 3. Using the well-known endpoint: For public keys used to verify tokens, you can access the well-known JWKS (JSON Web Key Set) endpoint:

http://$<http://PROJECT_SLUG.projects.oryapis.com/.well-known/jwks.json|PROJECT_SLUG.projects.oryapis.com/.well-known/jwks.json>

This endpoint returns the public keys necessary for verifying tokens [JSON Web Token validation documentation](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#json-web-token-validation). Note that the exact method you should use depends on your specific use case and whether you need access to private keys or just public keys for verification purposes.

If you don't know the name of the JSON Web Key Set (JWKS), there are a couple of approaches you can take: 1. Use the well-known endpoint: The simplest approach is to use the well-known JWKS endpoint, which doesn't require you to know the specific set name. You can access this endpoint at:

http://$<http://PROJECT_SLUG.projects.oryapis.com/.well-known/jwks.json|PROJECT_SLUG.projects.oryapis.com/.well-known/jwks.json>

This endpoint will return the public keys used for verifying tokens [JSON Web Token validation documentation](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#json-web-token-validation). 2. Use default set names: Ory uses some default set names for common purposes. If you're looking for specific types of keys, you can try these default set names: - `hydra.openid.id-token`: For keys used to sign OpenID Connect ID Tokens - `hydra.jwt.access-token`: For keys used to sign JWT Access Tokens You can use these set names with the Ory CLI or API [JSON Web Token validation documentation](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#json-web-token-validation). 3. List all available sets: If you're using the Ory CLI, you can list all available JWK sets without specifying a set name. Simply run:

ory get jwk

This command will retrieve all JSON Web Key Sets for your project [Ory CLI documentation](https://www.ory.sh/docs/cli/ory-get-jwk). 4. Use the API to retrieve all sets: If you're using the API directly, you can make a GET request to the

/admin/keys

endpoint (without specifying a set name) to retrieve all available key sets. However, this endpoint is not explicitly documented in the provided knowledge sources, so you may need to check the full API documentation or contact Ory support for confirmation. Remember that access to private keys may be restricted, and these methods will primarily give you access to public keys used for token verification.