JWKS endpoint set CORS

Hello Greetings,

I’m using auth0.js library in my SPA.

I would like to know is it possible to set CORS origin for JWKS endpoint https://MY_AUTH0_DOMAIN/.well-known/jwks.json

If so where can I set the CORS origin of my application (eg: https://abc.com) for the JWKS endpoint so that only that application is able to make the call to the JWKS endpoint

Thanks in advance.


Hi @pnoel

What is the use case for this? The JSON web key set is designed to be publically consumed, why are you hiding it?


1 Like

Hi @john.gateley

Thanks for your reply.

The use case was I wanted the JWKS endpoint to be called from my web application origin alone. and not to be called from another unknown web application origin to add an extra level of security.

So my understanding is there’s no way to set the CORS for JWKS endpoint since it’s designed that way.

Thank you for your clarification,


1 Like

We are here for you!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.