Skip to main content

(Optional) How to host a Public JWKS

Optional Guide: Hosting a Public JWKS

This guide explains how to publish a standards-compliant public JWK (JSON Web Key Set) endpoint at: https://YOUR-DOMAIN/.well-known/keys.json using Netlify for hosting.

1. Create a Local Site Folder

Create your own jwk-site/ folder anywhere on your device that includes three folders. The directory structure should look like this:

jwk-site/
├── index.html
├── keys.json
└── _redirects

2. Add Your Keys to keys.json

Copy and paste the public key you generated into this file, matching the format below. Here is an example of a JSON output with two keys included:

{
  "keys": [
    /// EXAMPLE KEY 1
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "aBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPq",
      "y": "zYxWvUtSrQpOnMlKjIhGfEdCbAzYxWvUtSrQpOnM",
      "kid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
      "iat": 1234567890
    },
    /// EXAMPLE KEY 2
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "aBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPq",
      "y": "zYxWvUtSrQpOnMlKjIhGfEdCbAzYxWvUtSrQpOnM",
      "kid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
      "iat": 1234567890
    }
  ]
}

If you downloaded the file, skip to step 5. Otherwise continue with steps 3 & 4.

3. Create _redirects file

In the _redirects file, add this line to include any hidden files:

/.well-known/keys.json /keys.json 200

*Note: _redirects does not have a file extension

4. Create index.html

Include the following in your index.html file so this folder can be recognized as a valid site:

<!doctype html>
<html>
  <body>
    <h1>Public key endpoint</h1>
    <p>See /.well-known/keys.json</p>
  </body>
</html>

5. Deploy via Netlify

Go to https://app.netlify.com and create an account if you don't already have one

Click Add New Site --> Deploy Manually

Drag the entire jwk-site folder into the drop area

  • You can also zip the folder and upload the zip)

After deployment, Netlify will give you a URL with a random name, structured as:

https://<RANDOM-NAME>.netlify.app

Test your URL in browser, replacing <RANDOM-NAME> with your generated URL name:

https://<RANDOM-NAME>.netlify.app/.well-known/keys.json

If the web page displays your JSON, setup is complete