Layer7 API Management

I am using jwt access and id tokens and created following endpoints.

1. /auth/oauth/v2/token : generates jwt access and id token. Generates refresh token
2. /auth/validate/access_token : validates access token using OTK Required OAuth 2.0 Token assertion
3. /auth/validate/id_token: validates id token using Decode Json Web Token assertion


I want to know if I need to create or use existing any other endpoints which are required and related to complete jwt access token and jwt id token flow. Do I also need to create JWKs public keys using Create Json Web Key assertion ? If yes, please share the sample policy for the same and how it will be used by client application ?

------------------------------
Technology Lead
Infosys Limited
------------------------------

The OTK has a out of the box endpoint for JWKS uri  discovery at /openid/connect/jwks.json that can can used.
Original Message:
Sent: 05-19-2020 09:14 AM
From: Sachin Ghumbre
Subject: All endpoints needed for jwt access and id token

I am using jwt access and id tokens and created following endpoints.

1. /auth/oauth/v2/token : generates jwt access and id token. Generates refresh token
2. /auth/validate/access_token : validates access token using OTK Required OAuth 2.0 Token assertion
3. /auth/validate/id_token: validates id token using Decode Json Web Token assertion


I want to know if I need to create or use existing any other endpoints which are required and related to complete jwt access token and jwt id token flow. Do I also need to create JWKs public keys using Create Json Web Key assertion ? If yes, please share the sample policy for the same and how it will be used by client application ?

------------------------------
Technology Lead
Infosys Limited
------------------------------