How to find the cert or public key in okta JWK endpoint?

Hi Expert,

I have a special case here. Given the jwks_uri: https://dev-850216.okta.com/oauth2/default/v1/keys
I am not able to find x5c.
Is there a way for me to retrieve the public cert in Okta?
In this section :
https://developer.okta.com/docs/guides/validate-access-tokens/go/overview/#what-to-check-when-validating-an-access-token it mentions:

You verify the Access or ID token’s signature by matching the key that was used to sign in with one of the keys that you retrieved from your Okta Authorization Server’s JWK endpoint. Specifically, each public key is identified by a kid attribute, which corresponds with the kid claim in the Access or ID token header.

Where can I find the public key or cert?

I think you want this?

{{url}}/api/v1/apps/{{appId}}/credentials/keys/{{keyId}}

Thanks for your response. I do not understand your comments. I am a newbie in Okta.
What do you mean by:
{{url}}/api/v1/apps/{{appId}}/credentials/keys/{{keyId}} ?
I think the url should be: [https://dev-850216.okta.com]… I do not know what appId is.

This is out of my jwks:
{
  "kid": "XI5pBOeLB_wLXwfl7KaEWjidtLqxUUtB6YF3kVPdVT0",
  "use": "sig",
  "e": "AQAB",
  "n": "i6pF-t_uSN6usYYM5n_SkAodvty2GhGrwTr4DZtGjBlqNh11vXXMTQ3gL2jlo1JCWkU-mNjE8SKoHKlt5okXHiFK_AbBRfOT4mRxLDWFI6T0-rA5MyHj80mFw1cEzlOVF4IxiO44xcjQJduDNuZKHiM5uAJZi6T_295yDp1jZGMZRWuWfMBh_9uxiFHENpulWRTtTgoi9ZZ1KH9znczXb0BPAUH1UHn624NtU1h8GGwGZ3vBHOlXtayFQysvazWiD2RGGG-p7cik3no78Ip_r19ilfWfb3XPizM3XikStzfVMFovIAZsWFZqObWxaXDVcdOSfh7XJwlNcNDaxjhvLQ"
}

See the API call here under “List Applications Using Key”
https://developer.okta.com/docs/reference/api/apps/#list-applications-using-a-key

Thanks for your comment.
OK. Forgive my ignorance here. It seems it is very complicated to achieve the simple task I want to do here. I am using outbox of Okta’s OAuth2 Server as a single point to do simple integration. The reason I need this public key or cert is so that I can verify it elsewhere. Why does the default Authorization Server not publish x5c as part of the jwks_uri in the metaapi? I have done simple integration with Microsoft’s Azure and Oracle’s IDCS as well. They all seem to have this x5c.
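
Added example, not part of the thread and not Okta's code: a JWK entry without x5c still carries the complete RSA public key in its n and e members, and this Go program rebuilds that key from the values posted above and encodes it as a PEM public key. The function names (b64int, jwkToRSA, publicKeyPEM) are made up for this illustration.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
)

// "n" and "e" copied from the JWK posted in the thread (RSA signing key, no x5c).
const jwkN = "i6pF-t_uSN6usYYM5n_SkAodvty2GhGrwTr4DZtGjBlqNh11vXXMTQ3gL2jlo1JCWkU-mNjE8SKoHKlt5okXHiFK_AbBRfOT4mRxLDWFI6T0-rA5MyHj80mFw1cEzlOVF4IxiO44xcjQJduDNuZKHiM5uAJZi6T_295yDp1jZGMZRWuWfMBh_9uxiFHENpulWRTtTgoi9ZZ1KH9znczXb0BPAUH1UHn624NtU1h8GGwGZ3vBHOlXtayFQysvazWiD2RGGG-p7cik3no78Ip_r19ilfWfb3XPizM3XikStzfVMFovIAZsWFZqObWxaXDVcdOSfh7XJwlNcNDaxjhvLQ"
const jwkE = "AQAB"

// b64int decodes an unpadded base64url big-endian integer (RFC 7518, section 6.3.1).
func b64int(s string) (*big.Int, error) {
	b, err := base64.RawURLEncoding.DecodeString(s)
	return new(big.Int).SetBytes(b), err
}

// jwkToRSA rebuilds the RSA public key from the JWK "n" (modulus) and "e" (exponent).
func jwkToRSA(n, e string) (*rsa.PublicKey, error) {
	mod, errN := b64int(n)
	exp, errE := b64int(e)
	if errN != nil || errE != nil || mod.Sign() == 0 || !exp.IsInt64() || exp.Int64() < 3 || exp.Int64() > 1<<31-1 {
		return nil, fmt.Errorf("jwk: invalid n or e (n: %v, e: %v)", errN, errE)
	}
	return &rsa.PublicKey{N: mod, E: int(exp.Int64())}, nil
}

// publicKeyPEM encodes the key as SubjectPublicKeyInfo ("BEGIN PUBLIC KEY").
func publicKeyPEM(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

func main() {
	pub, err := jwkToRSA(jwkN, jwkE)
	if err != nil {
		panic(err)
	}
	out, err := publicKeyPEM(pub)
	fmt.Printf("%d-bit RSA key, e=%d (err=%v)\n%s", pub.N.BitLen(), pub.E, err, out)
}
```

The result is a bare public key, not a certificate, so its trust comes only from having fetched jwks_uri over HTTPS from the expected issuer. A verifier should re-fetch the key set and select the entry by kid rather than hard-coding the PEM, since signing keys can rotate.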
