check_issuer_jwks

command
v0.5.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2026 License: BSD-2-Clause Imports: 15 Imported by: 0

README

check_issuer_jwks

CLI tool that validates an OpenID Credential Issuer's JWKS and signed metadata.

Build

make build-check-issuer-jwks

Usage

./bin/check_issuer_jwks [flags] <host-url>
Flags
Flag Description
--no-color Disable colored output
Example
./bin/check_issuer_jwks https://issuer.example.com

What it checks

  1. Fetches /.well-known/openid-credential-issuer metadata
  2. Fetches /jwks and validates each key (completeness, no private key material)
  3. Parses signed_metadata JWT from the metadata:
    • Verifies x5c header is present
    • Validates certificate chain (issuer/subject linkage, signatures, expiry)
    • Verifies JWT signature using the x5c leaf certificate
    • Confirms the JWKS key (by kid) matches the x5c leaf certificate public key

Exits with code 0 on success, 1 if any check fails.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.