  • JSON Web Key (JWK) - a JSON object that contains a cryptographic key that is used to verify the signature of a JWT issued by the STS
  • JSON Web Key Set (JWKS) - a JSON object containing a SET of JWKs

Example JWKS

{
	"keys": [
		{
			"kty": "RSA",
			"kid": "-38074812",
			"use": "sig",
			"alg": "RS256",
			"n": "yMAHZiIfbAgmZJ-_4Gj-wdS8rvaKNBbnHz_krmd-kkX51bA1EsUc0CN672-xnUb_-E_u_GoWhJzdjiBuz9XasSfQK8WyAwbc7MLkw40A7Zxl2sfsxGTod3qi1u8mjguoc9CbVqPdYe_9YPVxoK4CeJz6V8AsPcxVJxYq6os1rI9qFx_6a1JdQEhetGtkHLFvwo80UTzKXKhGXSu96WrXnkDE8Kw5TSKvh2gI_BX4QHXjE82xldJRJ8QIXGpRNbdyzGkUdjsrhmZl3ARC9IUlxmowkcEEIzjfbOKBVGrVcJ7rHb0GYNaKtMB_MlH1uAPDxl6qKeXOAZ8YEZ1r0ToPw",
			"e": "AQAB",
			"x5t": "MR-pGTa866RdZLjN6Vwrfay907g"
		},
		{
			...
		},
		...
	]
}
  • kty – Key Type – Identifies the family of algorithms used with this key
  • kid – Key Identifier – Acts as an ‘alias’ for the key
  • use – Usage – ‘sig’ for signing keys, ‘enc’ for encryption keys
  • alg – Algorithm – Identifies the specific algorithm
  • n & e - both used to construct the RSA public key:
    • modulus (n)
    • public exponent (e)
  • x5t – X.509 Certificate Thumbprint – Used to identify specific certificates
  • x5c – X.509 Certificate Chain – Chain of certificates used for verification. The first entry in the array is always the cert to use for token verification. The other certificates can be used to verify this first certificate
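As an added example (not code from this page or from any STS product it describes), the following stdlib-only Python verifier does what the fields above imply on the consuming side: it selects the JWK by `kid`, rebuilds the RSA public key from `n` and `e`, refuses keys whose `kty`, `use` or `alg` do not fit RS256, and checks a compact JWT's signature. The pure-Python RSA math, the `min_bits` floor and every key or token value used with it are constructed for illustration; a production resource server should rely on a maintained JOSE library.

```python
import base64
import hashlib
import hmac
import json

# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2, note 1)
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(data):
    """Decode unpadded base64url, the encoding of JWK 'n'/'e' and of JWT segments."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def jwk_to_rsa_public(jwk, min_bits=2048):
    """Rebuild the RSA public key (n, e) from a JWK, refusing keys not meant for RS256 signing."""
    if jwk.get("kty") != "RSA" or jwk.get("use", "sig") != "sig" or jwk.get("alg", "RS256") != "RS256":
        raise ValueError("not an RSA signing key for RS256")
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")   # modulus
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")   # public exponent
    if n.bit_length() < min_bits or e < 3 or e % 2 == 0:  # min_bits is an assumed local policy knob
        raise ValueError("weak or malformed RSA parameters")
    return n, e

def select_key(jwks, kid):
    """Pick the JWK whose 'kid' matches; an unknown kid is an error, never 'use the first key'."""
    for jwk in jwks["keys"]:
        if jwk.get("kid") == kid:
            return jwk
    raise KeyError("no key with kid %r in JWKS" % (kid,))

def emsa_pkcs1_v15_sha256(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) as k bytes (RFC 8017, section 9.2)."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, jwks, min_bits=2048):
    """Verify the RS256 signature of a compact JWT against a JWKS; True only on an exact match."""
    head_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "RS256":              # the token never gets to choose the algorithm
        return False
    n, e = jwk_to_rsa_public(select_key(jwks, header.get("kid")), min_bits)
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(b64url_decode(sig_b64), "big")
    if sig >= n:                                  # RSAVP1 precondition: representative must be < n
        return False
    em = pow(sig, e, n).to_bytes(k, "big")        # recover the encoded message with the public key
    expected = emsa_pkcs1_v15_sha256((head_b64 + "." + payload_b64).encode("ascii"), k)
    return hmac.compare_digest(em, expected)      # compare the whole encoding, not just the hash
```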