JSON Web Key Set (JWKS)
Learn about the JWKS used by the Session API.
The Prelude Session API uses JSON Web Key Sets (JWKS) for secure cryptographic operations, particularly for signing and verifying JSON Web Tokens (JWTs) used in the authentication process.
What is a JWKS?
A JSON Web Key Set (JWKS) is a JSON data structure that represents a set of cryptographic keys. The JWK specification is defined in RFC 7517 and provides a standardized format for representing cryptographic keys used in various security operations.
How Prelude Uses JWKS
Prelude Session API uses JWKS primarily for:
- Signing Access Tokens: When a user authenticates, the API generates a JWT access token signed with a private key.
- Token Verification: Client applications can use the corresponding public key to verify the authenticity of tokens.
JWKS Endpoint
Prelude provides a public endpoint to retrieve the JWKS used for token verification for your application: https://<app_id>.session.prelude.dev/.well-known/jwks.json
.