API

A public endpoint for GOV.UK One Login to retrieve the credential issuer’s JSON Web Key Set (JWKS) of public keys which can be used to verify the the pre-authorised code.

/.well-known/jwks.json

get

A public endpoint that returns the service’s public keys in JSON Web Key Set (JWKS) format. These keys are used to verify the signature of JWTs issued by the service.

Responses

Status Description Schema

200

Status	Description	Schema
200	Credential issuer’s JWKS. application/json `{ "keys": [ { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "5dcbee863b5d7cc30c9ba1f7393dacc6c16610782e4b6a191f94a7e8b1e1510f", "x": "6jCKX_QRrmTeEJi-uiwcYqu8BgMgl70g2pdAst24MPE", "y": "icPzjbSk6apD_SNvQt8NWOPlPeGG4KYU55GfnARryoY", "alg": "ES256" } ] }`	JwksResponse

Credential issuer’s JWKS.

application/json

{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "5dcbee863b5d7cc30c9ba1f7393dacc6c16610782e4b6a191f94a7e8b1e1510f",
      "x": "6jCKX_QRrmTeEJi-uiwcYqu8BgMgl70g2pdAst24MPE",
      "y": "icPzjbSk6apD_SNvQt8NWOPlPeGG4KYU55GfnARryoY",
      "alg": "ES256"
    }
  ]
}

JwksResponse

Schemas

JwksResponse

Name	Type	Required	Description	Schema
keys	array	true	A set of public keys, each in JSON Web Key (JWK) format.	Key

Key

Name	Type	Required	Description
kty	string	true	Key Type. The family of cryptographic algorithms used with the key.
kid	string	true	Key ID. Unique identifier to match a specific key.
crv	string	true	Curve. Cryptographic curve used with the key.
x	string	true	The “x” coordinate for the elliptic curve point.
y	string	true	The “y” coordinate for the elliptic curve point.
alg	string	true	Algorithm. The cryptographic algorithm used with the key.
use	string	true	The intended use of the key.

This page was last reviewed on 11 June 2026. It needs to be reviewed again on 11 December 2026 by the page owner #di-mobile-wallet-tech-docs .