JWKS Endpoint Validator

JWKS

An authorization server will often have a publicly available JWKS endpoint used for discovery of its signing keys. It is usually advertised via an Authorization Servers openid-configuration endpoint, if used.

Any endpoint can host a JWKS, as long as it is formatted correctly, for example, the JWKS endpoint can be found at

/.well-known/jwks.
Example: https://example.com/.well-known/jwks.json

Example: https://example.com/jwks

JWKS Input

This tool is intended to validate the JWKS endpoint. The tool will fetch the JWKS document from the specified URL and validate that the JWK (key) is valid. The tool will also check for common misconfigurations and provide feedback on what is "incorrect" according to standards.