An OAuth authorization server uses this endpoint to acquire PingAccess public keys to encrypt access tokens. The output uses the Internet Engineering Task Force (IETF) JSON Web Token (JWT) format for public keys.


If you selected the Use context root as reserved resource base path check box on your PingAccess application, this feature creates an instance of any reserved PingAccess resources under the application’s context root. As such, the context root of the application needs to prepend the reserved context application root (/pa by default) in any file paths that reference it.

If the context root of your application is myApp, the path to the OAuth endpoint would be myApp/pa/oauth/JWKS instead.