I have a JWT class which generates a JWT token using a private key. Now, I need to expose an endpoint for an external application to get the public key in the form of a JWKS key set. Can anyone guide me on how to achieve this scenario?
2 Answers
4
The JWKS is located based on a URL specified in OpenID Connect metadata. The discovery of OIDC metadata uses a special endpoint that Salesforce already provides out of the box and you won't be able to override it. Ship your public key to the other party via an out-of-band means or use Salesforce's out of the box support for issuing JWTs.
identigral
1
The Salesforce OpenID configuration exposes the JWKS information. Take this one as an example: https://de03-dev-ed.my.salesforce.com/.well-known/openid-configuration. Look for jwks_uri and follow that URL to https://de03-dev-ed.my.salesforce.com/id/keys. This will contain the key material you need.
David Brossard
The keys are only in RSA algorithm format – compski Apr 02 '23 at 10:19
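Added example in Go (not code from either answer and not a Salesforce API; it assumes nothing about Apex). It shows both halves of what the answers describe: the issuer side turns its RSA public key into the JWKS document a consumer would fetch from jwks_uri, and the consumer side parses that document into a key set indexed by kid and uses it to verify an RS256 JWT. Only the public members n and e are published; the verifier pins the algorithm to RS256 and selects the key by kid, and non-RSA entries are skipped, matching the comment that the published keys are RSA. The function names, the kid "2023-04" and the sample claims are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// JWK carries the RFC 7517/7518 members of an RSA public key; JWKS is the document served at jwks_uri.
type JWK struct {
	Kty string `json:"kty"`
	Alg string `json:"alg,omitempty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}
type JWKS struct{ Keys []JWK `json:"keys"` }

var b64 = base64.RawURLEncoding // JOSE encoding: base64url without padding

// PublicKeyToJWKS exports only the public members (n, e); the private key stays with the issuer.
func PublicKeyToJWKS(pub *rsa.PublicKey, kid string) ([]byte, error) {
	return json.Marshal(JWKS{Keys: []JWK{{Kty: "RSA", Alg: "RS256", Kid: kid,
		N: b64.EncodeToString(pub.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}}})
}

// ParseJWKS maps kid -> RSA public key; non-RSA entries are skipped, malformed ones rejected.
func ParseJWKS(doc []byte) (map[string]*rsa.PublicKey, error) {
	var set JWKS
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	keys := map[string]*rsa.PublicKey{}
	for _, k := range set.Keys {
		if k.Kty != "RSA" {
			continue
		}
		nb, errN := b64.DecodeString(k.N)
		eb, errE := b64.DecodeString(k.E)
		e := new(big.Int).SetBytes(eb)
		if errN != nil || errE != nil || !e.IsInt64() || e.Int64() < 3 {
			return nil, fmt.Errorf("kid %q: malformed RSA parameters", k.Kid)
		}
		keys[k.Kid] = &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(e.Int64())}
	}
	return keys, nil
}

// SignRS256 issues a compact JWT (header.payload.signature) whose header names the kid.
func SignRS256(priv *rsa.PrivateKey, kid string, claims map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyRS256 checks a token against the JWKS-derived key set; alg is pinned and the key is chosen by kid.
func VerifyRS256(token string, keys map[string]*rsa.PublicKey) (map[string]any, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdrBytes, err1 := b64.DecodeString(p[0])
	body, err2 := b64.DecodeString(p[1])
	sig, err3 := b64.DecodeString(p[2])
	var hdr struct{ Alg, Kid string }
	if err1 != nil || err2 != nil || err3 != nil || json.Unmarshal(hdrBytes, &hdr) != nil {
		return nil, fmt.Errorf("malformed token")
	}
	pub, ok := keys[hdr.Kid]
	if hdr.Alg != "RS256" || !ok { // the token never gets to pick the algorithm or an unknown key
		return nil, fmt.Errorf("rejected token: alg=%q kid=%q", hdr.Alg, hdr.Kid)
	}
	digest := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, err
	}
	var claims map[string]any
	return claims, json.Unmarshal(body, &claims)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // issuer side; in practice loaded from a key store
	jwks, _ := PublicKeyToJWKS(&priv.PublicKey, "2023-04")
	keys, _ := ParseJWKS(jwks) // consumer side: what a fetch of jwks_uri would return
	tok, _ := SignRS256(priv, "2023-04", map[string]any{"sub": "user-123"})
	claims, err := VerifyRS256(tok, keys)
	fmt.Println(string(jwks), claims, err)
}
```

Whatever serves the JWKS document should be the same system that holds the private key, and rotating the key means publishing the new public key under a new kid while the old one is still listed until tokens signed with it have expired.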