Jwks
Exposes the server's JSON Web Key Set (JWKS). This endpoint publishes the RSA public key used to sign access tokens (RS256). Clients can retrieve the key at the well-known path and verify JWT signatures using the matching kid. Path: /.well-known/jwks.json Content-Type: application/json The returned JSON has the shape: { "keys": [ { "kty":"RSA", "kid":"...", "alg":"RS256", "use":"sig", "n":"...", "e":"..." } ] } where: - kty: key type (RSA) - kid: key identifier corresponding to the JWT header kid - alg: intended signing algorithm (RS256) - use: public key use (sig) - n: modulus (base64url without leading sign byte) - e: exponent (base64url)