How does jwt.io (any client implementation) know where to fetch the public key to verify JWT signature? I used a JWT in the debugger signed using public key retrievable from a jwks endpoint. The payload does have the configuration endpoint (iss claim) but just curious to know what is the logic to go…

How does the jwt.io debugger know where to fetch public key

thijmen96 February 24, 2020, 11:54am 2

Auth0 uses the JSON Web Key (JWK) specification, so the public key is stored in a “well known” place. JWT.io then simply makes an educated guess based on iss.

The key is stored in https://your_domain/.well-known/jwks.json.

2 Likes

Topic		Replies	Views
How does the beta of the new debugger find the JWKS for a given issuer? JWT.io	1	102	March 17, 2025
Where is the Auth0 public key to be used in jwt.io to verify the signature of a RS256 token? Get Help auth0 , certificate , jwtio , rsa	6	41915	September 15, 2022
Where are jwks key IDs obtained from - anywhere in the auth0 GUI? JWT.io node , jwks	2	6141	March 5, 2020
Verify JWT token received from auth0 JWT.io jwt , auth0	4	22524	January 12, 2020
Confusion about the JWKS Get Help	6	2715	February 24, 2022

How does the jwt.io debugger know where to fetch public key

Related topics