JWKS
Public keys for verifying OAuth access token signatures.
GET
Access tokens are JWTs signed with ES256. Resource servers verify a token’s signature by matching its header kid against a key in this document.
Both active and retiring keys are published, so tokens signed before a key rotation still verify. Retired keys are omitted, since any token they signed has already expired.
Response is cached for 300 seconds (Cache-Control: public, max-age=300).
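
The kid lookup described above, sketched for a resource server in Node.js as an added example (not code from this page or from the token issuer). The function names, the demo kid values, the locally generated keys and the exp check are assumptions; the JWKS is passed in as an already-fetched object.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Verify a compact ES256 JWT against a JWKS object; returns the payload or throws.
function verifyAccessToken(token, jwks, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; the token header must not choose it.
  if (header.alg !== 'ES256' || typeof header.kid !== 'string') throw new Error('unexpected header');
  const jwk = jwks.keys.find(
    (k) => k.kid === header.kid && k.kty === 'EC' && k.crv === 'P-256');
  // No match: the key is retired or the cached JWKS is stale.
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // JWS ES256 signatures are raw r||s (64 bytes), not DER.
  const sig = Buffer.from(s, 'base64url');
  const ok = sig.length === 64 && crypto.verify(
    'sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, sig);
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// --- Constructed demo data: keys generated locally, kid values made up ---
function makeKey(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { kid, privateKey, jwk: { ...publicKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'ES256' } };
}
function signToken(k, payload, alg = 'ES256') {
  const input = b64u(JSON.stringify({ alg, typ: 'JWT', kid: k.kid })) + '.' + b64u(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(input), { key: k.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}
const active = makeKey('demo-active');
const retiring = makeKey('demo-retiring');
const retired = makeKey('demo-retired'); // stands in for a key no longer published
const jwks = { keys: [active.jwk, retiring.jwk] };

// Returns 'ok' or the rejection reason for a token checked against the demo JWKS.
function outcome(token, nowSec) {
  try { verifyAccessToken(token, jwks, nowSec); return 'ok'; } catch (e) { return e.message; }
}
const now = Math.floor(Date.now() / 1000);
for (const k of [active, retiring, retired]) {
  console.log(k.kid, outcome(signToken(k, { sub: 'demo', exp: now + 60 }), now));
}
```

On an unknown kid, a resource server would typically refetch the JWKS once before rejecting, since its cached copy may be up to 300 seconds old.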