Native app RS256 key not appearing in JWKS /.well-known/jwks.json

We have multiple environments + web and native clients., resulting in a couple of Auth0 Applications configured. The Applications that are of type Machine to Machine are listed in our /.well-known/jwks.json but the Applications of type Native aren’t included in this list (although they, too, have RS256 set).

We could grab the Native Applications certifications through the configurations Advanced Settings > Certificates section and add them to our AllowList by hand, but having a JWKS list that can be updated periodically and keeps track of any Application changes is a charm.

Is there a setting we’re missing to add our Native Application keys to the JWKS?

Hi @henning.wagner ,

Welcome to the Community!

This doc describes all of the ways you can get your client secrets and signing keys.

1 Like


Can you share a little bit more about what you’re seeing in jwks.json? I don’t generally expect to see applications listed there, just the JWK representations for the tenant as a whole.

I checked my own tenant and the x5t in ./well-known/jwks.json is the same as the certificate available in the certificate tab of the advanced settings of native applications.



Hi @dan.woda , hi @matt.macadam,

thanks for the warm welcome and thanks Dan for the docs link. Combined with your feedback, Matt, set me into the right direction.

My bad: I was mistaking the list of keys (2x in my orgs jwks.json) with some amount of configured Applications and that was wrong. It’s the tenants keys, – thanks for pointing that out!

(And having one key Currently Used and one in status Next In Queue as shown in the Tenant Settings > Signing Keys leads to exactly what /.well-known/jwks.json is showing us.)

Thanks and take care!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.