Axioms uses cryptographic keys to create digitally signed tokens as well as for token and data encryption. These keys are unique to each tenant and are stored in JSON Web Key (JWK) format in the tenant database.
Axioms supports three key types:
oct. For more information, please review JSON Web Algorithms.
Create new key
When you create a new tenant, the Axioms platform automatically creates a new set of default keys of type
oct. So you typically don't need to create a new key. That said, depending on your needs, you can manually create new keys and set them as default.
🔵 You can have as many crypto keys as you want, but for each key type there can be only one default key. Default keys are rotated periodically.
🔴 If needed, you can ⚡deactivate⚡ an existing key through the UI. Before you deactivate an existing key, make sure there is at least one active and default key of the given key type.
A JSON Web Key Set (JWKS) is a set of keys containing the public keys of key type
EC that can be used to verify the signed JWT tokens. The JWKS URI for a given tenant domain is available at,
You can also find the JWKS endpoint programmatically using your OpenID Connect Discovery endpoint and look for
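One way a token consumer can pick the verification key from a tenant's JWKS while coping with periodic rotation of default keys, as an added example that is not Axioms code. It reads the standard `jwks_uri` field of OpenID Connect Discovery metadata; the `tenant.example` URLs, the key ids, `JwksKeySelector` and the injected `fetch_json` callable are assumptions made for illustration, and the signature check itself is left to a JOSE library.

```python
import base64
import json

# JWS alg -> JWK key type it must be verified with (RFC 7518). "none" and the
# HS* (oct) algorithms are left out on purpose: a JWKS publishes public keys.
ALG_KTY = {"ES256": "EC", "ES384": "EC", "ES512": "EC",
           "RS256": "RSA", "RS384": "RSA", "RS512": "RSA"}

# Constructed sample data: hypothetical tenant URLs, placeholder key material.
DISCOVERY = "https://tenant.example/.well-known/openid-configuration"
JWKS_URL = "https://tenant.example/jwks.json"
SAMPLE = {DISCOVERY: {"jwks_uri": JWKS_URL}, JWKS_URL: {"keys": [
    {"kty": "EC", "kid": "ec-2", "use": "sig", "crv": "P-256", "x": "PLACEHOLDER", "y": "PLACEHOLDER"},
    {"kty": "oct", "kid": "oct-1", "k": "PLACEHOLDER"}]}}  # must never be trusted

def jwt_header(token):
    """Decode the (still unverified) header segment of a compact JWT."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

class JwksKeySelector:
    """Chooses the published key a token must be verified with."""

    def __init__(self, fetch_json, discovery_url):
        self.fetch_json = fetch_json  # callable(url) -> dict; an HTTPS GET in real use
        self.discovery_url = discovery_url
        self.keys = {}

    def refresh(self):
        """Re-read discovery metadata and the JWKS; keep usable public keys only."""
        jwks_uri = self.fetch_json(self.discovery_url)["jwks_uri"]
        if not jwks_uri.startswith("https://"):
            raise ValueError("jwks_uri must use https")
        self.keys = {k["kid"]: k for k in self.fetch_json(jwks_uri).get("keys", [])
                     if k.get("kty") in ("EC", "RSA") and "d" not in k
                     and isinstance(k.get("kid"), str)}

    def key_for(self, token):
        header = jwt_header(token)
        alg, kid = header.get("alg"), header.get("kid")
        if not isinstance(alg, str) or alg not in ALG_KTY or not isinstance(kid, str):
            raise ValueError(f"rejected header: alg={alg!r} kid={kid!r}")
        if kid not in self.keys:  # unknown kid: the default key may have been rotated
            self.refresh()
        jwk = self.keys.get(kid)
        if jwk is None:
            raise KeyError(f"no published key with kid {kid!r}")
        if jwk["kty"] != ALG_KTY[alg] or jwk.get("use", "sig") != "sig":
            raise ValueError("token alg does not match the key's type or use")
        return jwk
```

In a real deployment, rate-limit `refresh()` so that tokens carrying random `kid` values cannot force a JWKS fetch on every request.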