JWKs¶
JWKs is a standard endpoint that returns the public part of keys used by BankID for token signing and encryption of the request
parameter.
The standard is described in RFC7517.
BankID serves public keys in two endpoints which are found in the OpenID Configuration:
- The
jwks_uri
returns keys for validating signatures and encrypting the authorization request's request parameter. - (Deprecated) The
jwks_uri_enc
returns keys for encrypting the login_hint. This endpoint is deprecated. Use PAR of encrypted request object.
Points to consider¶
- Keys returned from these endpoints will be replaced by new keys at specific intervals, a cache control header in the response defines the (minimum) lifetime of the keys. See key rotation for more info.
- Keys supporting new algorithms may be introduced. Removal of used algorithms will be announced. RS256 will be replaced by ES256.
kid
values will not be reused, these will always be unique values identifying one and one key only.- Keys will contain validation information so that their source, i.e. BankID, may be verified.
- Keys will be signed by a BankID trust certificate, and the certificate chain is available in the
x5c
field of the key.
For validation of the keys themselves, trust certificates may be downloaded here.
API¶
Request¶
orResponse¶
The response is a JWKs Keyset with the following structure:
{
"keys": [
{
"kid": "UCE8Wktuqey4tCnQOVOiBbsPTjdUmqSmbtyttDxnxG0",
"kty": "EC",
"alg": "ES256",
"use": "sig",
"crv": "P-256",
"x": "-4tGGsaYxxYs15vcX7PS_T7k7Bvluk4FUJUUIEXMILo",
"y": "Qcyap0mbj_ovqY-B7TCcoiO9hsYFIZ28Kk12mr5CaNw",
"x5t#S256": "RILfZSUqjiDkWpRnKg1dcK3PrR1OUqp7YO-8ySvVyqQ",
"x5t": "hPDC7uPNbeXZxMlPPpbWfQNuAaw",
"x5c": [
"MIID9DCCAdygAwIBAgIDAp/jMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAk5PMRMwEQYDVQQKDApQcmVQcm9kIEFTMRIwEAYDVQQLDAkxMjM0NTY3ODkxKDAmBgNVBAMMH0JhbmtJRCAtIFByZVByb2QgLSBVdGlsaXR5IENBIDMwHhcNMjQwNTE0MTM1MDAxWhcNMjYwNTE0MTM1MDAxWjA8MQswCQYDVQQGEwJOTzEPMA0GA1UECgwGQmFua0lEMRwwGgYDVQQDDBNCYW5rSUQgT0lEQyBDdXJyZW50MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+4tGGsaYxxYs15vcX7PS/T7k7Bvluk4FUJUUIEXMILpBzJqnSZuP+i+pj4HtMJyiI72GxgUhnbwqTXaavkJo3KOBpTCBojAVBgNVHSAEDjAMMAoGCGCEQgEQAQ4BMDkGCCsGAQUFBwEBBC0wKzApBggrBgEFBQcwAYYdaHR0cHM6Ly92YS1wcmVwcm9kMS5iYW5raWQubm8wDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFGpVUbRCQ/Qmeor7jSBCtIx6c71vMB0GA1UdDgQWBBTXmT9TdTUedrizJ3ylCPY9b9C+9TANBgkqhkiG9w0BAQsFAAOCAgEAUlyGNGTFwTp4vcQKATKFNFaL0Y46Yverye1fljgX0VPzzBk7Lgb7nBB/405Z6y2AGVE6k/8vOzwpse6ywDSbyg86meHgdgNzxL5TUsUoWsUTgmFhaAEr81aojQqKuEMoor36JHO6+9jc02CbU7PwdBECn9tas4nfhoed2eDh43jiFSWNbgFFJ2LGipt+4BFZf8tPFsrex8D5najckOJJ1vLg83Li1BwFLnskJmZPzhjj/1NhGhlYYus4aiM5luu5vO4Y/ABBD7hNgvCbVYcuJl5iuVTOKqheKB2L0OrwgSqymot+WEqGTYKvd/d5I7FqB5T5QS1XtFKeJSb+fFRuYEUvyaEcA2R1KyuGXhF0XPyXfQ616nKiZ67CRF3J29L6Hjo8CFCVax9nu987DuRZtXOPQZbcJ9ro04S6zHgo1QgDzcw8zkdvYE3rvbYn/8Rfjonb6ELpY1uRb0irpnGIKxT/j5hquJuxaDfwYFAP2XwcnHfrSICUKV6aswPyjOj79qJXB25vHF/QRZdrM+E+a/1FXEL9J2Mwauq3n7gDmdQvgDrzTiCZ7fRJThcw2uChAG7e4+FF/9GrXjKhXJcJqsh0XVY3xDMmTN1ehIRSyf33EXHNkSWYxK14+gEM5w1pSbyHvdcD4e0eLNQaFES0CR5vpzrCx0DeQY8s3vhSg3k=",
"MIIFyjCCA7KgAwIBAgICB9MwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCTk8xKjAoBgNVBAoMIVRFU1QgLSBGTkggb2cgU3BhcmViYW5rZm9yZW5pbmdlbjEWMBQGA1UECwwNVEVTVCAtIEJhbmtJRDEeMBwGA1UEAwwVVEVTVCAtIEJhbmtJRCBSb290IENBMB4XDTIxMDIxNzE0NTAxNFoXDTMzMDIxNzE0NTAxNFowYDELMAkGA1UEBhMCTk8xEzARBgNVBAoMClByZVByb2QgQVMxEjAQBgNVBAsMCTEyMzQ1Njc4OTEoMCYGA1UEAwwfQmFua0lEIC0gUHJlUHJvZCAtIFV0aWxpdHkgQ0EgMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANH+P0jxNDtWwbvPsSIdn+tTb805OzdgkYBh28l3imVHj43Vuly3rMzx9pO4oeTOfwQhaBMX/N/b0+oXa8e8HvrpD6ez9nrqvC1QUo80hLcg83V236A444VUlklWX4lKXlD3iMtG8dQgytdyDub0u3uq8scIdEBOjkPxj0Gt9yJLDmY+VdPDpH8HkwlxJHmiNP/cwS33ALWizrRVfNL0Y7uoleTb7FeaMfBSbYJQI3NTKoBcJFNDXgmUtbaI94AgNDP6haIipGFuCjek3Y0+mZWT9Ky7K8OkbAV00rjEAxV0YPNcHJz6O/0DEq0KElB6rpDukyWCqwpTXJ3C54LODnDjSAxmA6RlyTdgpkSTGMjCxOWdDFrBscN4ReAqym6jwUDdBzpJkWk/6MccqoShme0iznVW51XB4YZd8kq99UfTHgLs8qgsqPFxJ38CbcPxfeh74KpEL7XMn73iB06i7U+NQgLncFCY4Zi+s5W2/9K9D/aiFMwXuuDRU44HSO4InX0+xbl5y8zHRlNWyHdioMxITXeNO6isekNxdUAxJrztG1soPxjl4qGyGecTh3+9W+oOypiTyvFxs3xVOfXhwmFTqJapqVqXv9ED/W6WKGOsM4kLEn6aK0zQc3bg30ymAbkFnGPyi8uIAqze5FTBkyZkgD+bzMqTlDzOPtZdn4V3AgMBAAGjfTB7MBIGA1UdEwEB/wQIMAYBAf8CAQAwFQYDVR0gBA4wDDAKBghghEIBEAEHATAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAU00ZXK3fSYu9rzDPHHFx+M5Uqoh4wHQYDVR0OBBYEFGpVUbRCQ/Qmeor7jSBCtIx6c71vMA0GCSqGSIb3DQEBCwUAA4ICAQCX5EMiVrcbZNh3ImTF8xOJTLrjGy05hZLO9eRlacfnqLkoQvPRNBhZ3DEf8G2efqH406UTN4SZ34RYCRl9wP+R7+aZd/GSPEc4NU0/Nlatixvvxsr8Shxc1LBHxa1fiGVSWS9Evxxmcgn5reJ86sbinlhgKdpxHwdhWJZngXj8Mri3tKshu93OB3v3UOmw2Jab4c/Cag7yM06SMoMvJjZO3j9IjZTnJ/v5aymwpmcBz5wWtGGXlAbfqxt2GA54uFIBhJJe7bmLgX7mBdYM1fXV2G+pSiPgkUkHF5eLjmrk4iOBIf3KjrO4KViipkZV87gbAxOtpsD11rqLmylcYD+RhDcQZ8N5jaf13lEClm9jlFq304V4FZFd81i1FexYAllN4fUw0CKzoUTEmGdyhtleYeiJdou5iAMFDVCCLvEa8ccuA3Q6kTRH96vk0wqdkd7H5V6CtA7Cx/zPVNQB1qaDRK0uBIExwmaZsh4AXntkLz40nhfqqJqCl8Hc3UZYayi2lRQa9cVttd5sMs+mE/WhcJiw3kt5gNZgJmKnghorYnfUvaXRc7wZVWUa7x5vxwlb64vruoGRXGwAw7bQcDyX8629lpo+y9rzcMAKxGp+t3prDQMvYINcwlZA05KRPLqeh/cfH9p1ASmdkbYMbxKGWgE0wl3SkAqw/w/kugiNPQ==",
"MIIF2jCCA8KgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJOTzEqMCgGA1UECgwhVEVTVCAtIEZOSCBvZyBTcGFyZWJhbmtmb3JlbmluZ2VuMRYwFAYDVQQLDA1URVNUIC0gQmFua0lEMR4wHAYDVQQDDBVURVNUIC0gQmFua0lEIFJvb3QgQ0EwHhcNMDkwMzA2MDkyNDMyWhcNMzUwMzA2MDkyNDMyWjBxMQswCQYDVQQGEwJOTzEqMCgGA1UECgwhVEVTVCAtIEZOSCBvZyBTcGFyZWJhbmtmb3JlbmluZ2VuMRYwFAYDVQQLDA1URVNUIC0gQmFua0lEMR4wHAYDVQQDDBVURVNUIC0gQmFua0lEIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCUuJ/b5kyoxlmEl5auQFvHgwWHq4fqmIde2pslLvHfUFHCptXK/DS0zCVfjZfmIipX7x2dmy1zgbeAgp23lWK6LjUuIXC7zAduY9KRCBot8qfUGgPvTh79KC20lMxNEcejiwZQcjgZVxa2qLnDD0O9tiNqs6+jTOHViSNu0JsIAmDmJuLBaGK/JrvxzlFLQA+Y4hKFiH8X3alf/Rtt23fEVg6VqDJII9+djYfAs4kb8T5ClaDYG7cq0ikCEV8lxGyVs5bM4gUSPtNfawMX7GXt6mcyEG+JETP599N+G+3mvfV3zRnpuewvYkJXiGpqnhW0qKoipymEXZaSTtyLu7FA//wQBMYPJL0uOcBEacmMAqzABEmRz7fQDsiegiHbgQrtMci7XQEwJqJB9HqbWD56p6fnfNpFnp93jFJaF+WP8yhKGoi43ESLuZzmjx7+N2f41YIypneW5wRqE7zA4W+r94IensmsOXs1t970AJPs0EtYNCBpJGepyW30HieGt744/3+CFy4ZIEBUeBJDcRP+rI5r02SpCAsFjs159oWJsHmpGJJL42/VlMvVlOTIzvJHsO0wvSVn79n6bbDvUNZKQ2wZTI2Rdzb1/5QL9ETvOGaMjTqg+PGPZDCflXfhat2wlxEysBmBcNULo0cjUoayf3SUlt1G1vRHo4XdwqzUQIDAQABo30wezASBgNVHRMBAf8ECDAGAQH/AgEBMBUGA1UdIAQOMAwwCgYIYIRCARABBAEwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFNNGVyt30mLva8wzxxxcfjOVKqIeMB0GA1UdDgQWBBTTRlcrd9Ji72vMM8ccXH4zlSqiHjANBgkqhkiG9w0BAQsFAAOCAgEAeaNiZw3Hsb8sGWGh+q2vFQ4JrTu+ITmKMNgwb51DgbUAblypmJguTrcoGxQtuyr/GEiGxLhygXJhKqxufTpKJN2qOPdTklquw/adwRSfV7qpEY9C1w0vXl9NaKEbhRhivW3Wcd8VRWO6hjWA9oiReQnODuL5n964VCbsRbn/4NwwsQKYIjGvP5aOdX+9yL6SNAbUOL6UCo81xs0zFEr0RwZ0Z1syNVMVNuAzQ0va2SR+H3dCpbgvRyIYLvyooM+f8cPM+rtgFGwAV2paYbXXUAV1QCa7oDXkvFYGc4L2BH97+TVx80/RHgrkWoh4neFKg+1qQhDrlfSGcrkNMvmCQr4ZG1qATYNEEpQKyL1YhZaF1V6lHOu/VvmUU+hi0PZ0BOqm0m9j40h97PDfkOWJOsBpj81++wIh5UWVPjOgzKW1K2r0uyL0YVQOa0eHSM+bgh8JgFOxiz52c1Qg2KXB0fMT/BuMf8KgFA+xZloFn2lZzAJZe1DuvdocpC0dnzsJvxUzba1jnihsoPfJWgVy3YChElH1147yPdu++SF5wrhMqBRZFcEw3iK39db5ZsFnttVmJUPXSekG+FarEbW18/4jAq6SfMgz6vjL3NKuij+7FrdMR83fo21NaEbf4DS8zRNny6Miad9ZkpepOvglrLDkaMOySxzSiW4ogm4PkwE="
]
},
{
"kid": "T255mIgJqyGKgnvDzJCViC_8kMDVTzRHlZ0IN7dvdRc",
"kty": "EC",
"alg": "ECDH-ES",
"use": "enc",
"x5t#S256": "cmMRqdJD5wEQqZMcK4tw72P0Waphckvcwj6rxzKZX3s",
"x5t": "7e5G2KHSPWXCkiCN1zT_PYdFumA",
"crv": "P-256",
"x5c": [
"MIICrTCCAZWgAwIBAgIGAYt6xNIvMA0GCSqGSIb3DQEBCjAAME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMzEwMjkwOTMwMDFaFw0yNDEwMjgwOTMwMDFaMCcxJTAjBgNVBAMTHENJRFAtMjAyMy0xMC0yOVQxMDozMDowMS4xMzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQaH1kqn9EBiZbKYVaVb4jH2b6FYI8uLAtVOYxfdRkzxrrZGTB0I44BiLjbagUO0argmT52JBtbMC/RFVZbZ+zBo4GDMIGAMB0GA1UdDgQWBBQzdaf5PSJ+zTxhVC4E69TG7uvQsDAfBgNVHSMEGDAWgBQzdaf5PSJ+zTxhVC4E69TG7uvQsDALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEKMAADggEBAAVlwTzBTFw/S+n+8SSLc0XQKMIM53nN11uJsjKA8GwRXZq+Ut5ZPjf9Cr9cCKamvEdoN+QKRxOovCZSjRwvJ1z8z83Ojipa3N3aazfVKkXmkWU1fHz414nERNNMLif0/9guuwzs21ANaMeF0JpnoeLo1GtZh09Nn7jJoBSEPNtoU3ktOF7PpL6F/hWG6GaaBUJUXHfABPtXz2840fg3cDVbUENQiG5iejwXKCoOfsGO9l9IkRmErV1uV0ioQUoGfrv/J+BQUJzrBiCzHfDeGdx8cMyLIdkcHTqPcRGCp1blEGTWnEfMF1ojkiK8dz51ZX9eSAWRxx/kJ3rIjzj6Tf4=",
"MIIDzzCCAoygAwIBAgIUNzQK0n0gWjv7Sq8O+59F4wuhviQwOAYJKoZIhvcNAQEKMCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTUwMTQ1MDdaFw0zMjExMTIwMTQ1MDdaME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQC+Sh0wBeHALAJMipU/pxwLZBUlYpLesu2BpNg7zCv/MFy6gkSd58iDXKltgj9jbErvjZCOqJvi+amlfBkozdSiksbDDFSwjE92vwf0D44fH3EaUDM8AH1aBBzigYOu+jDX9S9i9wX3I0NWZPgGs3hdI/3IqTHwasBrvWuS8NstS8KHkpnqXe7GtM/bpFvltqO6ViqrL7pA+PSMfSSmkAbP+ukucjV+wcCBkPdmrKsnf2NdPKCfzhrsCsDkOgkU1obVvhyhXB6Fkm9RkMdV/pu+gdl7vKGIWHKd6sF3xtB1SDpgvBZdPtrOnSOMkXR3+aExrdgcTq9azCT6JBM/3qsJAgMBAAGjUzBRMB0GA1UdDgQWBBTiLKjoWoAC3zq+7/qGlBMJxJjhKzAfBgNVHSMEGDAWgBTiLKjoWoAC3zq+7/qGlBMJxJjhKzAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEBCjAroA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOCAQEAnnF1e3YKQzH3sVK1ros2ic/H2l3g69xP3cuJ+M+vL+37zesDfZdVHmEvLPEXQACnOmMTEhTJTumecdvWXEfJQdONUKED4WmrAfsrLyy5XmChT5UJyFezx/F1zh52kIVR9ijDtqiCyQL87Z8imK5zhRAQvM7rNNnP1tqjmvMLsVKOqS7GBl/y/GOmWpUg9S6uOBXhJ6tv+JIkCb8YEb9N8l8QlLKQsNaN/+X+o8ZKDOGDq/5xuPmGj6E5pAEY0eG2t+6uMf4tgl0koJ0cXufs9fQXuFNlOGrcqvWSGzz+EaFKVyh2nTnZ78195XmaoyTZy99pARU/x1FrvejLBLz8zw=="
],
"x": "Gh9ZKp_RAYmWymFWlW-Ix9m-hWCPLiwLVTmMX3UZM8Y",
"y": "utkZMHQjjgGIuNtqBQ7RquCZPnYkG1swL9EVVltn7ME"
}
]
}