Retrieve JSON Web Key Set (JWKS)

Fetches the public keys that can be used to verify JWTs signed by Prolific. Clients should cache these keys and update them at least daily.

To verify the signature of a JWT you must verify the following:

The JWT signature is authentic by verifying it with the public key from Prolific that correlates with the KID.
The JWT hasn’t expired, by checking the exp claim.
The aud claim is the correct domain for your tool.
The prolific value matches your expected payload as set in the external_study_url property.

Fetches the public keys that can be used to verify JWTs signed by Prolific. Clients should cache these keys and update them at least daily. To verify the signature of a JWT you must verify the following: * The JWT signature is authentic by verifying it with the public key from Prolific that correlates with the KID. * The JWT hasn't expired, by checking the `exp` claim. * The `aud` claim is the correct domain for your tool. * The `prolific` value matches your expected payload as set in the `external_study_url` property.

Response

Successful response with the JWKS.

keyslist of objects or null

1	{
2	"keys": [
3	{
4	"kty": "RSA",
5	"kid": "string",
6	"alg": "RS256",
7	"n": "string",
8	"e": "string",
9	"use": "sig",
10	"key_ops": [
11	"verify"
12	]
13	}
14	]
15	}