JWKs

JWKs is a standard endpoint that returns the public part of keys used by the BankID OIDC provider for token signing and encryption of the request parameter.

The standard is described in RFC7517.

BankID OIDC uses two endpoints serving public keys which are found in the OpenID Configuration:

• The jwks_uri returns keys for validating signatures and encrypting the authorization request's request parameter.
• The jwks_uri_enc returns keys for encrypting the login_hint. This endpoint is deprecated.

Points to consider

• Keys returned from these endpoints will be replaced by new keys at specific intervals, a cache control header in the response defines the (minimum) lifetime of the keys. See key rotation for more info.
• Keys supporting new algorithms may be introduced. Removal of used algorithms will be announced.
• kid values will not be reused, these will always be unique values identifying one and one key only.
• Keys will contain validation information so that their source, i.e. BankID OIDC, may be verified.
• Keys will be signed by a BankID OIDC trust certificate, and the certificate chain is available in the x5c field of the key.

For validation of the keys themselves, trust certificates may be downloaded here.

API

Request

GET [jwks_uri]

or

GET [jwks_uri_enc]

Response

The response is a JWKs Keyset with the following structure:

{
  "keys": [
    {
      "kid": "UCE8Wktuqey4tCnQOVOiBbsPTjdUmqSmbtyttDxnxG0",
      "kty": "EC",
      "alg": "ES256",
      "use": "sig",
      "crv": "P-256",
      "x": "-4tGGsaYxxYs15vcX7PS_T7k7Bvluk4FUJUUIEXMILo",
      "y": "Qcyap0mbj_ovqY-B7TCcoiO9hsYFIZ28Kk12mr5CaNw",
      "x5t#S256": "RILfZSUqjiDkWpRnKg1dcK3PrR1OUqp7YO-8ySvVyqQ",
      "x5t": "hPDC7uPNbeXZxMlPPpbWfQNuAaw",
      "x5c": [
        "MIID9DCCAdygAwIBAgIDAp/jMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAk5PMRMwEQYDVQQKDApQcmVQcm9kIEFTMRIwEAYDVQQLDAkxMjM0NTY3ODkxKDAmBgNVBAMMH0JhbmtJRCAtIFByZVByb2QgLSBVdGlsaXR5IENBIDMwHhcNMjQwNTE0MTM1MDAxWhcNMjYwNTE0MTM1MDAxWjA8MQswCQYDVQQGEwJOTzEPMA0GA1UECgwGQmFua0lEMRwwGgYDVQQDDBNCYW5rSUQgT0lEQyBDdXJyZW50MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+4tGGsaYxxYs15vcX7PS/T7k7Bvluk4FUJUUIEXMILpBzJqnSZuP+i+pj4HtMJyiI72GxgUhnbwqTXaavkJo3KOBpTCBojAVBgNVHSAEDjAMMAoGCGCEQgEQAQ4BMDkGCCsGAQUFBwEBBC0wKzApBggrBgEFBQcwAYYdaHR0cHM6Ly92YS1wcmVwcm9kMS5iYW5raWQubm8wDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFGpVUbRCQ/Qmeor7jSBCtIx6c71vMB0GA1UdDgQWBBTXmT9TdTUedrizJ3ylCPY9b9C+9TANBgkqhkiG9w0BAQsFAAOCAgEAUlyGNGTFwTp4vcQKATKFNFaL0Y46Yverye1fljgX0VPzzBk7Lgb7nBB/405Z6y2AGVE6k/8vOzwpse6ywDSbyg86meHgdgNzxL5TUsUoWsUTgmFhaAEr81aojQqKuEMoor36JHO6+9jc02CbU7PwdBECn9tas4nfhoed2eDh43jiFSWNbgFFJ2LGipt+4BFZf8tPFsrex8D5najckOJJ1vLg83Li1BwFLnskJmZPzhjj/1NhGhlYYus4aiM5luu5vO4Y/ABBD7hNgvCbVYcuJl5iuVTOKqheKB2L0OrwgSqymot+WEqGTYKvd/d5I7FqB5T5QS1XtFKeJSb+fFRuYEUvyaEcA2R1KyuGXhF0XPyXfQ616nKiZ67CRF3J29L6Hjo8CFCVax9nu987DuRZtXOPQZbcJ9ro04S6zHgo1QgDzcw8zkdvYE3rvbYn/8Rfjonb6ELpY1uRb0irpnGIKxT/j5hquJuxaDfwYFAP2XwcnHfrSICUKV6aswPyjOj79qJXB25vHF/QRZdrM+E+a/1FXEL9J2Mwauq3n7gDmdQvgDrzTiCZ7fRJThcw2uChAG7e4+FF/9GrXjKhXJcJqsh0XVY3xDMmTN1ehIRSyf33EXHNkSWYxK14+gEM5w1pSbyHvdcD4e0eLNQaFES0CR5vpzrCx0DeQY8s3vhSg3k=",
        "MIIFyjCCA7KgAwIBAgICB9MwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCTk8xKjAoBgNVBAoMIVRFU1QgLSBGTkggb2cgU3BhcmViYW5rZm9yZW5pbmdlbjEWMBQGA1UECwwNVEVTVCAtIEJhbmtJRDEeMBwGA1UEAwwVVEVTVCAtIEJhbmtJRCBSb290IENBMB4XDTIxMDIxNzE0NTAxNFoXDTMzMDIxNzE0NTAxNFowYDELMAkGA1UEBhMCTk8xEzARBgNVBAoMClByZVByb2QgQVMxEjAQBgNVBAsMCTEyMzQ1Njc4OTEoMCYGA1UEAwwfQmFua0lEIC0gUHJlUHJvZCAtIFV0aWxpdHkgQ0EgMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANH+P0jxNDtWwbvPsSIdn+tTb805OzdgkYBh28l3imVHj43Vuly3rMzx9pO4oeTOfwQhaBMX/N/b0+oXa8e8HvrpD6ez9nrqvC1QUo80hLcg83V236A444VUlklWX4lKXlD3iMtG8dQgytdyDub0u3uq8scIdEBOjkPxj0Gt9yJLDmY+VdPDpH8HkwlxJHmiNP/cwS33ALWizrRVfNL0Y7uoleTb7FeaMfBSbYJQI3NTKoBcJFNDXgmUtbaI94AgNDP6haIipGFuCjek3Y0+mZWT9Ky7K8OkbAV00rjEAxV0YPNcHJz6O/0DEq0KElB6rpDukyWCqwpTXJ3C54LODnDjSAxmA6RlyTdgpkSTGMjCxOWdDFrBscN4ReAqym6jwUDdBzpJkWk/6MccqoShme0iznVW51XB4YZd8kq99UfTHgLs8qgsqPFxJ38CbcPxfeh74KpEL7XMn73iB06i7U+NQgLncFCY4Zi+s5W2/9K9D/aiFMwXuuDRU44HSO4InX0+xbl5y8zHRlNWyHdioMxITXeNO6isekNxdUAxJrztG1soPxjl4qGyGecTh3+9W+oOypiTyvFxs3xVOfXhwmFTqJapqVqXv9ED/W6WKGOsM4kLEn6aK0zQc3bg30ymAbkFnGPyi8uIAqze5FTBkyZkgD+bzMqTlDzOPtZdn4V3AgMBAAGjfTB7MBIGA1UdEwEB/wQIMAYBAf8CAQAwFQYDVR0gBA4wDDAKBghghEIBEAEHATAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAU00ZXK3fSYu9rzDPHHFx+M5Uqoh4wHQYDVR0OBBYEFGpVUbRCQ/Qmeor7jSBCtIx6c71vMA0GCSqGSIb3DQEBCwUAA4ICAQCX5EMiVrcbZNh3ImTF8xOJTLrjGy05hZLO9eRlacfnqLkoQvPRNBhZ3DEf8G2efqH406UTN4SZ34RYCRl9wP+R7+aZd/GSPEc4NU0/Nlatixvvxsr8Shxc1LBHxa1fiGVSWS9Evxxmcgn5reJ86sbinlhgKdpxHwdhWJZngXj8Mri3tKshu93OB3v3UOmw2Jab4c/Cag7yM06SMoMvJjZO3j9IjZTnJ/v5aymwpmcBz5wWtGGXlAbfqxt2GA54uFIBhJJe7bmLgX7mBdYM1fXV2G+pSiPgkUkHF5eLjmrk4iOBIf3KjrO4KViipkZV87gbAxOtpsD11rqLmylcYD+RhDcQZ8N5jaf13lEClm9jlFq304V4FZFd81i1FexYAllN4fUw0CKzoUTEmGdyhtleYeiJdou5iAMFDVCCLvEa8ccuA3Q6kTRH96vk0wqdkd7H5V6CtA7Cx/zPVNQB1qaDRK0uBIExwmaZsh4AXntkLz40nhfqqJqCl8Hc3UZYayi2lRQa9cVttd5sMs+mE/WhcJiw3kt5gNZgJmKnghorYnfUvaXRc7wZVWUa7x5vxwlb64vruoGRXGwAw7bQcDyX8629lpo+y9rzcMAKxGp+t3prDQMvYINcwlZA05KRPLqeh/cfH9p1ASmdkbYMbxKGWgE0wl3SkAqw/w/kugiNPQ==",
        "MIIF2jCCA8KgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJOTzEqMCgGA1UECgwhVEVTVCAtIEZOSCBvZyBTcGFyZWJhbmtmb3JlbmluZ2VuMRYwFAYDVQQLDA1URVNUIC0gQmFua0lEMR4wHAYDVQQDDBVURVNUIC0gQmFua0lEIFJvb3QgQ0EwHhcNMDkwMzA2MDkyNDMyWhcNMzUwMzA2MDkyNDMyWjBxMQswCQYDVQQGEwJOTzEqMCgGA1UECgwhVEVTVCAtIEZOSCBvZyBTcGFyZWJhbmtmb3JlbmluZ2VuMRYwFAYDVQQLDA1URVNUIC0gQmFua0lEMR4wHAYDVQQDDBVURVNUIC0gQmFua0lEIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCUuJ/b5kyoxlmEl5auQFvHgwWHq4fqmIde2pslLvHfUFHCptXK/DS0zCVfjZfmIipX7x2dmy1zgbeAgp23lWK6LjUuIXC7zAduY9KRCBot8qfUGgPvTh79KC20lMxNEcejiwZQcjgZVxa2qLnDD0O9tiNqs6+jTOHViSNu0JsIAmDmJuLBaGK/JrvxzlFLQA+Y4hKFiH8X3alf/Rtt23fEVg6VqDJII9+djYfAs4kb8T5ClaDYG7cq0ikCEV8lxGyVs5bM4gUSPtNfawMX7GXt6mcyEG+JETP599N+G+3mvfV3zRnpuewvYkJXiGpqnhW0qKoipymEXZaSTtyLu7FA//wQBMYPJL0uOcBEacmMAqzABEmRz7fQDsiegiHbgQrtMci7XQEwJqJB9HqbWD56p6fnfNpFnp93jFJaF+WP8yhKGoi43ESLuZzmjx7+N2f41YIypneW5wRqE7zA4W+r94IensmsOXs1t970AJPs0EtYNCBpJGepyW30HieGt744/3+CFy4ZIEBUeBJDcRP+rI5r02SpCAsFjs159oWJsHmpGJJL42/VlMvVlOTIzvJHsO0wvSVn79n6bbDvUNZKQ2wZTI2Rdzb1/5QL9ETvOGaMjTqg+PGPZDCflXfhat2wlxEysBmBcNULo0cjUoayf3SUlt1G1vRHo4XdwqzUQIDAQABo30wezASBgNVHRMBAf8ECDAGAQH/AgEBMBUGA1UdIAQOMAwwCgYIYIRCARABBAEwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFNNGVyt30mLva8wzxxxcfjOVKqIeMB0GA1UdDgQWBBTTRlcrd9Ji72vMM8ccXH4zlSqiHjANBgkqhkiG9w0BAQsFAAOCAgEAeaNiZw3Hsb8sGWGh+q2vFQ4JrTu+ITmKMNgwb51DgbUAblypmJguTrcoGxQtuyr/GEiGxLhygXJhKqxufTpKJN2qOPdTklquw/adwRSfV7qpEY9C1w0vXl9NaKEbhRhivW3Wcd8VRWO6hjWA9oiReQnODuL5n964VCbsRbn/4NwwsQKYIjGvP5aOdX+9yL6SNAbUOL6UCo81xs0zFEr0RwZ0Z1syNVMVNuAzQ0va2SR+H3dCpbgvRyIYLvyooM+f8cPM+rtgFGwAV2paYbXXUAV1QCa7oDXkvFYGc4L2BH97+TVx80/RHgrkWoh4neFKg+1qQhDrlfSGcrkNMvmCQr4ZG1qATYNEEpQKyL1YhZaF1V6lHOu/VvmUU+hi0PZ0BOqm0m9j40h97PDfkOWJOsBpj81++wIh5UWVPjOgzKW1K2r0uyL0YVQOa0eHSM+bgh8JgFOxiz52c1Qg2KXB0fMT/BuMf8KgFA+xZloFn2lZzAJZe1DuvdocpC0dnzsJvxUzba1jnihsoPfJWgVy3YChElH1147yPdu++SF5wrhMqBRZFcEw3iK39db5ZsFnttVmJUPXSekG+FarEbW18/4jAq6SfMgz6vjL3NKuij+7FrdMR83fo21NaEbf4DS8zRNny6Miad9ZkpepOvglrLDkaMOySxzSiW4ogm4PkwE="
      ]
    },
    {
      "kid": "T255mIgJqyGKgnvDzJCViC_8kMDVTzRHlZ0IN7dvdRc",
      "kty": "EC",
      "alg": "ECDH-ES",
      "use": "enc",
      "x5t#S256": "cmMRqdJD5wEQqZMcK4tw72P0Waphckvcwj6rxzKZX3s",
      "x5t": "7e5G2KHSPWXCkiCN1zT_PYdFumA",
      "crv": "P-256",
      "x5c": [
        "MIICrTCCAZWgAwIBAgIGAYt6xNIvMA0GCSqGSIb3DQEBCjAAME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMzEwMjkwOTMwMDFaFw0yNDEwMjgwOTMwMDFaMCcxJTAjBgNVBAMTHENJRFAtMjAyMy0xMC0yOVQxMDozMDowMS4xMzQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQaH1kqn9EBiZbKYVaVb4jH2b6FYI8uLAtVOYxfdRkzxrrZGTB0I44BiLjbagUO0argmT52JBtbMC/RFVZbZ+zBo4GDMIGAMB0GA1UdDgQWBBQzdaf5PSJ+zTxhVC4E69TG7uvQsDAfBgNVHSMEGDAWgBQzdaf5PSJ+zTxhVC4E69TG7uvQsDALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEKMAADggEBAAVlwTzBTFw/S+n+8SSLc0XQKMIM53nN11uJsjKA8GwRXZq+Ut5ZPjf9Cr9cCKamvEdoN+QKRxOovCZSjRwvJ1z8z83Ojipa3N3aazfVKkXmkWU1fHz414nERNNMLif0/9guuwzs21ANaMeF0JpnoeLo1GtZh09Nn7jJoBSEPNtoU3ktOF7PpL6F/hWG6GaaBUJUXHfABPtXz2840fg3cDVbUENQiG5iejwXKCoOfsGO9l9IkRmErV1uV0ioQUoGfrv/J+BQUJzrBiCzHfDeGdx8cMyLIdkcHTqPcRGCp1blEGTWnEfMF1ojkiK8dz51ZX9eSAWRxx/kJ3rIjzj6Tf4=",
        "MIIDzzCCAoygAwIBAgIUNzQK0n0gWjv7Sq8O+59F4wuhviQwOAYJKoZIhvcNAQEKMCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTUwMTQ1MDdaFw0zMjExMTIwMTQ1MDdaME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQC+Sh0wBeHALAJMipU/pxwLZBUlYpLesu2BpNg7zCv/MFy6gkSd58iDXKltgj9jbErvjZCOqJvi+amlfBkozdSiksbDDFSwjE92vwf0D44fH3EaUDM8AH1aBBzigYOu+jDX9S9i9wX3I0NWZPgGs3hdI/3IqTHwasBrvWuS8NstS8KHkpnqXe7GtM/bpFvltqO6ViqrL7pA+PSMfSSmkAbP+ukucjV+wcCBkPdmrKsnf2NdPKCfzhrsCsDkOgkU1obVvhyhXB6Fkm9RkMdV/pu+gdl7vKGIWHKd6sF3xtB1SDpgvBZdPtrOnSOMkXR3+aExrdgcTq9azCT6JBM/3qsJAgMBAAGjUzBRMB0GA1UdDgQWBBTiLKjoWoAC3zq+7/qGlBMJxJjhKzAfBgNVHSMEGDAWgBTiLKjoWoAC3zq+7/qGlBMJxJjhKzAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEBCjAroA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOCAQEAnnF1e3YKQzH3sVK1ros2ic/H2l3g69xP3cuJ+M+vL+37zesDfZdVHmEvLPEXQACnOmMTEhTJTumecdvWXEfJQdONUKED4WmrAfsrLyy5XmChT5UJyFezx/F1zh52kIVR9ijDtqiCyQL87Z8imK5zhRAQvM7rNNnP1tqjmvMLsVKOqS7GBl/y/GOmWpUg9S6uOBXhJ6tv+JIkCb8YEb9N8l8QlLKQsNaN/+X+o8ZKDOGDq/5xuPmGj6E5pAEY0eG2t+6uMf4tgl0koJ0cXufs9fQXuFNlOGrcqvWSGzz+EaFKVyh2nTnZ78195XmaoyTZy99pARU/x1FrvejLBLz8zw=="
      ],
      "x": "Gh9ZKp_RAYmWymFWlW-Ix9m-hWCPLiwLVTmMX3UZM8Y",
      "y": "utkZMHQjjgGIuNtqBQ7RquCZPnYkG1swL9EVVltn7ME"
    }
  ]
}