Retrieve SPIFFE JWKS for current Org


SPIFFE trust-domain JWKS — same key material as the OIDC JWKS but with use: jwt-svid for SPIFFE-native verifiers. No authentication required.

Not-configured and malformed-body behavior matches the OIDC JWKS endpoint.

Path parameters

org (string, Required)
Name of the Org
siteID (string, Required, format: "uuid")
ID of the Site

Response

SPIFFE JWKS document.
keys (list of objects)

RFC 7517 JWK members. NICo currently emits only EC keys (kty: EC, crv: P-256, alg: ES256); the schema is intentionally open-ended so that future algorithms can be added without a spec change.
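A verifier-side check of the document this endpoint returns, as an added example (not NICo code): it keeps only keys marked use: jwt-svid with the EC / P-256 / ES256 parameters named above, skips other algorithms instead of failing, and rejects malformed or off-curve points. Requiring a unique kid, the function names and the sample document are assumptions of this example.

```python
import base64

# NIST P-256: y^2 = x^3 - 3x + B (mod P); (GX, GY) is the curve's base point.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

def _b64u(n):
    return base64.urlsafe_b64encode(n.to_bytes(32, "big")).rstrip(b"=").decode()

def _coord(value):
    """Decode a base64url JWK coordinate; P-256 coordinates are exactly 32 bytes."""
    if not isinstance(value, str):
        raise ValueError("coordinate missing")
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    if len(raw) != 32:
        raise ValueError("coordinate is not 32 bytes")
    return int.from_bytes(raw, "big")

def select_jwt_svid_keys(jwks):
    """Return {kid: (x, y)} for keys usable to verify ES256 JWT-SVIDs."""
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    if not isinstance(keys, list):
        raise ValueError("malformed JWKS: 'keys' must be a list")
    accepted = {}
    for jwk in keys:
        if not isinstance(jwk, dict) or jwk.get("use") != "jwt-svid":
            continue  # not published for SPIFFE-native verification
        if (jwk.get("kty"), jwk.get("crv"), jwk.get("alg")) != ("EC", "P-256", "ES256"):
            continue  # open-ended schema: skip algorithms this verifier lacks
        if "d" in jwk:
            raise ValueError("private key material in a public JWKS")
        kid = jwk.get("kid")  # assumption: this verifier requires a unique kid
        if not isinstance(kid, str) or not kid or kid in accepted:
            raise ValueError("missing or duplicate kid")
        x, y = _coord(jwk.get("x")), _coord(jwk.get("y"))
        if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
            raise ValueError(f"key {kid!r} is not a point on P-256")
        accepted[kid] = (x, y)
    return accepted

# Constructed sample, not real NICo output; the base point stands in for a public key.
SAMPLE = {"keys": [
    {"kty": "EC", "crv": "P-256", "alg": "ES256", "use": "jwt-svid", "kid": "example-1", "x": _b64u(GX), "y": _b64u(GY)},
    {"kty": "OKP", "crv": "Ed25519", "alg": "EdDSA", "use": "jwt-svid", "kid": "example-2", "x": "AA"},
]}
if __name__ == "__main__":
    print(sorted(select_jwt_svid_keys(SAMPLE)))
```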

Errors

404: Not Found Error
500: Internal Server Error
502: Bad Gateway Error
503: Service Unavailable Error