JwksLoad()
Parses a JWKS (JSON Web Key Set) — a JSON document containing multiple public keys, commonly published by OAuth/OIDC providers like Auth0, Okta, and Google at their /.well-known/jwks.json endpoint.
Returns an array of JWK structs.
Requires Extension: Crypto Extension
JwksLoad( source=string );
Returns: Array
| Argument | Description |
|---|---|
| source (string, required) | JWKS URL (https://...) or raw JSON string containing a keys array |
Examples
```cfml
// Parse a JSON Web Key Set (JWKS) - a JSON document containing multiple public keys
// Commonly used to verify JWTs from OAuth/OIDC providers like Auth0, Okta, Google, etc.

// Simulate a JWKS (in production, you'd fetch this from the provider's JWKS endpoint)
rsaKp = GenerateKeyPair( "RSA" );
ecKp = GenerateKeyPair( "EC" );
rsaJwk = serializeJSON( KeyToJwk( rsaKp.public ) );
ecJwk = serializeJSON( KeyToJwk( ecKp.public ) );
jwksJson = '{"keys":[' & rsaJwk & ',' & ecJwk & ']}';

// Parse the JWKS into an array of JWK structs
keys = JwksLoad( jwksJson );
// keys is an array of structs, one per key

// Full JWT verification workflow with JWKS:
// 1. Provider signs a JWT with their private key
//    (claim names are case-sensitive, so the struct keys are quoted to keep them lowercase)
token = JwtSign( { "sub": "user123", "iss": "provider" }, rsaKp.private );

// 2. Consumer fetches the provider's JWKS and finds the right key
//    (in production, match by "kid" header)
keys = JwksLoad( jwksJson );
publicKey = JwkToKey( keys[ 1 ] );

// 3. Verify the token
claims = JwtVerify( token, publicKey );
// claims.sub == "user123"
```
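Step 2 above takes `keys[ 1 ]`; against a real provider's JWKS the key is chosen by the token's `kid`. The following is an added example of that selection, not part of the Lucee documentation. `b64urlToString()` and `selectJwk()` are hypothetical helpers, the `kid` values and sample token are constructed, and it assumes `KeyToJwk()` returns a struct and that `JwksLoad()` keeps each key's `kid` and `use` members.

```cfml
// Added example, not from the Lucee docs. b64urlToString() and selectJwk() are
// hypothetical helpers; the kid values and the sample token are constructed.

// Decode one base64url segment (RFC 7515) into a UTF-8 string
function b64urlToString( required string seg ) {
    var b64 = replace( replace( arguments.seg, "-", "+", "all" ), "_", "/", "all" );
    b64 &= repeatString( "=", ( 4 - ( len( b64 ) mod 4 ) ) mod 4 );
    return charsetEncode( binaryDecode( b64, "base64" ), "utf-8" );
}

// Return the single signature key in keys (as returned by JwksLoad) named by the token's kid
function selectJwk( required array keys, required string token ) {
    if ( listLen( arguments.token, "." ) != 3 )
        throw( type="jwt.malformed", message="Expected three non-empty JWT segments" );
    var header = deserializeJSON( b64urlToString( listFirst( arguments.token, "." ) ) );
    if ( !isStruct( header ) || !structKeyExists( header, "kid" ) || !isSimpleValue( header.kid ) )
        throw( type="jwt.nokid", message="Token header carries no usable kid" );
    var matches = arrayFilter( arguments.keys, function( jwk ) {
        // kid is case-sensitive, so use compare(); skip keys published for encryption
        return structKeyExists( jwk, "kid" ) && compare( jwk.kid, header.kid ) == 0
            && ( !structKeyExists( jwk, "use" ) || jwk.use == "sig" );
    } );
    // Zero matches: unknown or rotated-out key. More than one: ambiguous JWKS. Reject both.
    if ( arrayLen( matches ) != 1 )
        throw( type="jwt.key", message="Expected exactly one JWKS key for kid, found #arrayLen( matches )#" );
    return matches[ 1 ];
}

// Constructed JWKS: assumes KeyToJwk() returns a struct that a kid can be added to
rsaJwk = KeyToJwk( GenerateKeyPair( "RSA" ).public );
rsaJwk[ "kid" ] = "rsa-2024";
ecJwk = KeyToJwk( GenerateKeyPair( "EC" ).public );
ecJwk[ "kid" ] = "ec-2024";
keys = JwksLoad( serializeJSON( { "keys": [ rsaJwk, ecJwk ] } ) );

// Constructed, unsigned token: only its header is used here, to exercise key selection
hdr = toBase64( serializeJSON( { "alg": "ES256", "kid": "ec-2024" } ) );
hdr = replace( replace( replace( hdr, "+", "-", "all" ), "/", "_", "all" ), "=", "", "all" );
sampleToken = hdr & ".e30.c2ln";

jwk = selectJwk( keys, sampleToken );
publicKey = JwkToKey( jwk );   // for a real signed token: JwtVerify( token, publicKey )
```

The header is read before the signature is checked, so treat `kid` only as a lookup hint into a JWKS loaded from a URL fixed in configuration, never from a location named inside the token.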
See also
- Cryptography
- JwkToKey()
- JwtVerify()
- Search Issue Tracker
- Search Lucee Test Cases (good for further, detailed examples)