---
title: OAuth endpoint
description: This page describes the endpoint used by an OAuth authorization server to interface with PingAccess as an OAuth resource server.
component: pingaccess
version: 9.0
page_id: pingaccess:reference_guides:pa_oauth_endpoint
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/reference_guides/pa_oauth_endpoint.html
revdate: November 6, 2023
section_ids:
  paoauthjwks: /pa/oauth/JWKS
---

# OAuth endpoint

This page describes the endpoint used by an OAuth authorization server to interface with PingAccess as an OAuth resource server.

## /pa/oauth/JWKS

An OAuth authorization server uses this endpoint to acquire PingAccess public keys to encrypt access tokens. The output uses the Internet Engineering Task Force (IETF) JSON Web Token (JWT) format for public keys.

If you selected the **Use context root as reserved resource base path** check box on your PingAccess application, this feature creates an instance of any reserved PingAccess resources under the application's context root. As such, the application's context root must be prepended to the reserved application context root (`/pa` by default) in any file paths that reference it.

If the context root of your application is `myApp`, the path to the OAuth endpoint would be `myApp/pa/oauth/JWKS` instead.
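The following added example (not part of the PingAccess documentation or product code) builds the endpoint path with and without an application context root, then checks a fetched key set before any key is used to encrypt access tokens. It assumes the response body is a standard JWK Set as defined in RFC 7517; the function names and the sample key set are constructed for illustration.

```python
import json

# Private or secret JWK members (RFC 7518); none belong in a published key set.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

# Constructed sample response; key material is placeholder text, not real keys.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "enc-1", "use": "enc",
     "n": "constructed-modulus", "e": "AQAB"},
    {"kty": "EC", "kid": "sig-1", "use": "sig", "crv": "P-256",
     "x": "constructed-x", "y": "constructed-y"},
]})


def jwks_path(context_root="", reserved_root="/pa"):
    """Build the JWKS path. Pass context_root only when the application uses
    its context root as the reserved resource base path."""
    parts = [context_root.strip("/"), reserved_root.strip("/"), "oauth/JWKS"]
    return "/" + "/".join(p for p in parts if p)


def encryption_keys(jwks_text):
    """Return the keys in a JWK Set that may be used for encryption.

    Raises ValueError if the document is not a JWK Set or if any entry
    carries private key members, which a public endpoint must never serve.
    """
    doc = json.loads(jwks_text)
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list):
        raise ValueError("not a JWK Set: missing 'keys' array")
    usable = []
    for jwk in keys:
        if not isinstance(jwk, dict) or "kty" not in jwk:
            raise ValueError("malformed JWK entry")
        leaked = PRIVATE_MEMBERS.intersection(jwk)
        if leaked:
            raise ValueError(
                f"key {jwk.get('kid')!r} exposes private members: {sorted(leaked)}")
        # A key with no 'use' member is unrestricted; 'sig' keys are skipped.
        if jwk.get("use", "enc") == "enc":
            usable.append(jwk)
    return usable


if __name__ == "__main__":
    print(jwks_path(), jwks_path("myApp"))
    print([k["kid"] for k in encryption_keys(SAMPLE_JWKS)])
```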
