JSON Web Keys
Cryptographic Keys
Axioms uses cryptographic keys to create digitally signed tokens as well as for token and data encryption. These keys are unique to each tenant and are stored in JSON Web Key (JWK) format in the tenant database.
Key Types
Axioms supports three key types: RSA, EC, and oct. For more information, please review JSON Web Algorithms.
Create new key
When you create a new tenant, the Axioms platform will automatically create a new set of default keys of type RSA, EC, and oct, so you typically don't need to create a new key. That said, depending on your needs, you can manually create new keys and set them as default.
🔵 You can have as many crypto keys as you want, but for each key type there can be only one default key. Default keys are rotated periodically.
🔴 If needed, you can ⚡deactivate⚡ an existing key through the UI. Before you deactivate an existing key, make sure there is at least one active and default key of the given key type.

JWKS URI
A JSON Web Key Set (JWKS) is a set of keys containing the public keys of key type RSA or EC that can be used to verify the signed JWT tokens. The JWKS URI for a given tenant domain is available at:
https://{domain}/oauth2/.well-known/jwks.json
You can also find the JWKS endpoint programmatically by querying your OpenID Connect Discovery endpoint and looking for the jwks_uri parameter:
https://{domain}/oauth2/.well-known/openid-configuration
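
The following is an added example, not Axioms code, of how a token verifier might consume these two documents: it accepts the jwks_uri from discovery only if it is HTTPS on the tenant domain, then picks a verification key by kid while refusing anything that is not an RSA or EC public key. The domain, key IDs, key values, and the algorithm-family policy are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: placeholder domain and key material, not real Axioms output.
DOMAIN = "tenant.example.com"
DISCOVERY = {"jwks_uri": f"https://{DOMAIN}/oauth2/.well-known/jwks.json"}
JWKS = {"keys": [
    {"kty": "RSA", "kid": "rsa-1", "alg": "RS256", "n": "constructed", "e": "AQAB"},
    {"kty": "EC", "kid": "ec-1", "crv": "P-256", "x": "constructed", "y": "constructed"},
    {"kty": "oct", "kid": "oct-1", "k": "constructed"},  # must never be accepted
]}

# JWA signature families per public key type (assumed policy for this example).
ALG_PREFIXES = {"RSA": ("RS", "PS"), "EC": ("ES",)}
# JWK members that carry private or symmetric key material.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def jwks_uri_from_discovery(doc, domain):
    """Return jwks_uri only if it is HTTPS and on the expected tenant domain."""
    uri = doc.get("jwks_uri", "")
    parts = urlsplit(uri)
    if parts.scheme != "https" or parts.hostname != domain:
        raise ValueError(f"untrusted jwks_uri: {uri!r}")
    return uri


def select_verification_key(jwks, kid, alg):
    """Return the JWK for (kid, alg), or None if kid is unknown.

    None means the cached set may be stale after a rotation: refetch once,
    then reject the token if the kid is still missing.
    """
    for key in jwks.get("keys", []):
        if key.get("kid") != kid:
            continue
        kty = key.get("kty")
        if kty not in ALG_PREFIXES:
            raise ValueError(f"key type {kty!r} is not a public verification key")
        if PRIVATE_MEMBERS.intersection(key):
            raise ValueError("JWK contains private key material")
        if not alg.startswith(ALG_PREFIXES[kty]):
            raise ValueError(f"alg {alg!r} does not match key type {kty}")
        if key.get("alg", alg) != alg:
            raise ValueError("alg differs from the alg pinned in the JWK")
        return key
    return None
```

Binding the token header's alg to the key type means a token claiming a symmetric algorithm cannot be checked against an RSA or EC public key.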