OAuth JWT Provider

RFC-compliant JWT generator for testing authorization servers

Client ID

https://oauth-jwt-provider.seriousben.workers.dev/oauth-client

JWKS URI

https://oauth-jwt-provider.seriousben.workers.dev/jwks

GET /oauth-client Client ID Metadata Document ▶

OAuth 2.0 Client ID Metadata Document - authorization servers discover client metadata by dereferencing the client_id URL

Response:

GET /jwks Public keys (JWKS) ▶

JSON Web Key Set containing public keys for JWT signature verification

Response:

POST /client-id-document-token Client ID Metadata JWT ▶

Generate private_key_jwt using Client ID Metadata Document. Configure metadata (redirect_uris, scope, grant_types) and token claims (aud, exp) below.

Client Metadata (affects client_id URL)

Redirect URIs (one per line) - for authorization_code flow

Scope

Grant Types (comma-separated)

Client Name

Token Claims

Audience (aud) - optional (comma-separated for array)

Expiration (exp) - optional (seconds, default: 3600)

Generated Client ID:

Token Response:

POST /private-key-jwt-token Standard private_key_jwt ▶

Generate standard private_key_jwt with custom client_id, audience, scope, and expiration

Client ID - optional

Audience (aud) - optional (comma-separated for array)

Scope - optional

Expiration (exp) - optional (seconds, default: 3600)

Request:

Response:

⚠️ Testing Only

Static keys are hardcoded in the codebase. Not for production use.