RFC 7517 — JSON Web Key (JWK)

Spec: datatracker.ietf.org/doc/html/rfc7517
Status: Full

RFC 7517 defines the JSON representation of cryptographic keys and the JWK Set format used to publish signing keys.

Implemented

  • JWK Set endpoint — GET /.well-known/jwks.json returns all active signing keys for the tenant.
  • Key types — RSA, EC, and symmetric (oct) keys can be represented.
  • Standard JWK parameters — kty, kid, use, alg, n, e, x, y, crv are populated as appropriate.
  • Key rotation — multiple keys can be published simultaneously so that old tokens remain verifiable while new tokens are signed with a new key.
  • Cache headers — JWKS responses include appropriate Cache-Control headers so downstream resource servers can cache public keys.
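
How a downstream resource server might consume the endpoint during a key rotation, as an added example that is not this project's code: it caches the JWK Set for the Cache-Control max-age, selects the key by kid, refetches (rate-limited) on an unknown kid, and rejects a key whose use or alg does not match. JwksCache, fetch, min_refetch and the sample key values are hypothetical and constructed for illustration.

```python
import re
import time

# Constructed sample JWK Set: two RSA signing keys published during a rotation.
# The "n" values are placeholders, not real key material.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "2024-old", "use": "sig", "alg": "RS256",
     "n": "placeholder-n-old", "e": "AQAB"},
    {"kty": "RSA", "kid": "2025-new", "use": "sig", "alg": "RS256",
     "n": "placeholder-n-new", "e": "AQAB"},
]}

def max_age(cache_control, default=300):
    """Seconds a JWKS response may be cached; 0 for no-store/no-cache."""
    if re.search(r"\bno-(store|cache)\b", cache_control or "", re.I):
        return 0
    m = re.search(r"\bmax-age=(\d+)", cache_control or "", re.I)
    return int(m.group(1)) if m else default

class JwksCache:
    """fetch() is an assumed callable returning (jwks_dict, cache_control_header)."""
    def __init__(self, fetch, clock=time.monotonic, min_refetch=30):
        self.fetch, self.clock, self.min_refetch = fetch, clock, min_refetch
        self.keys, self.expires, self.last_fetch = {}, 0.0, None

    def _refresh(self):
        jwks, cache_control = self.fetch()
        now = self.clock()
        self.keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self.expires, self.last_fetch = now + max_age(cache_control), now

    def signing_key(self, kid, alg):
        now = self.clock()
        if self.last_fetch is None or now >= self.expires:
            self._refresh()
        elif kid not in self.keys and now - self.last_fetch >= self.min_refetch:
            # Unknown kid: a new key may have been published since the last fetch.
            # min_refetch stops forged kids from triggering a fetch per request.
            self._refresh()
        jwk = self.keys.get(kid)
        if jwk is None:
            raise KeyError(f"no key with kid {kid!r}")
        # Take the algorithm from the published key, never from the token alone.
        if jwk.get("use", "sig") != "sig" or jwk.get("alg", alg) != alg:
            raise ValueError(f"key {kid!r} is not usable for {alg} signatures")
        return jwk
```
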

Released under the MIT License.