Retrieve OIDC JWKS for current Org

GET

https://nico-rest-api.nico.svc.cluster.local/v2/org/:org/nico/site/:siteID/.well-known/jwks.json

Public RFC 7517 JSON Web Key Set for JWT-SVID signature verification (use: sig). No authentication required.

NICo currently issues ES256 signatures over P-256 keys. Returns 404 Not Found when no identity configuration exists for this org/site, and 502 Bad Gateway when the Core gRPC API returns a malformed body. See the Tenant Identity tag description for consumer guidance during key rotation.

Public RFC 7517 JSON Web Key Set for JWT-SVID signature verification (`use: sig`). No authentication required. NICo currently issues `ES256` signatures over `P-256` keys. Returns `404 Not Found` when no identity configuration exists for this org/site, and `502 Bad Gateway` when the Core gRPC API returns a malformed body. See the Tenant Identity tag description for consumer guidance during key rotation.

Path parameters

orgstringRequired

Name of the Org

siteIDstringRequiredformat: "uuid"

ID of the Site

Response

JWKS document.

keyslist of objects

RFC 7517 JWK members. NICo currently emits only EC keys (kty: EC, crv: P-256, alg: ES256); the schema is intentionally open-ended so that future algorithms can be added without a spec change.

Errors

404

Not Found Error

500

Internal Server Error

502

Bad Gateway Error

503

Service Unavailable Error

1	{
2	"keys": [
3	{
4	"kty": "EC",
5	"use": "sig",
6	"crv": "P-256",
7	"kid": "a1b2c3d4e5f67890123456789abcdef0",
8	"x": "f83OJ3D2xF4v1Q6X9J7vZ9Q1X9v7Q2X9v7Q1X9v7Q2X9v7Q1",
9	"y": "x_FEzRu9v7Q1X9v7Q2X9v7Q1X9v7Q2X9v7Q1X9v7Q2X9v7Q1X",
10	"alg": "ES256"
11	}
12	]
13	}