# Authentication Concepts

### **JSON Web Tokens (JWT)**

JWTs are compact, URL-safe tokens used in authentication, particularly in token-based authentication systems. They carry a set of claims that are typically used to pass the identity of authenticated users between an identity provider and a service provider. JWTs can be signed with a secret key (using the HMAC algorithm) or with a public/private key pair (using RSA or ECDSA).

### **JSON Web Key Set (JWKS)**

A JWKS is the set of cryptographic keys used for signing or encrypting JWTs. Each key in the JWKS is represented as a JSON Web Key (JWK).

### **JWKS URI**

The JWKS URI is a URL that points to a set of public keys used to verify the signatures of JWTs. The authentication server provides this URI and allows client applications to retrieve the public keys dynamically. This is particularly useful in scenarios where keys need to be rotated or updated without requiring manual updates in the client applications.

#### **Use Case of JWKS in Authentication**

When a JWT is used in an authentication process:

* The JWT is generated and signed by an authentication server using a private key.
* The JWT is sent to a client application, which then needs to verify the signature to trust the claims within the token.
* The client application retrieves the public key from the JWKS URI provided by the authentication server. This key is used to verify the JWT's signature, confirming that the token was issued by the expected authentication server and has not been tampered with.
* The use of JWKS helps manage public keys efficiently and securely, especially in distributed systems or cloud-based environments where multiple services must verify tokens independently. It reduces the risk associated with key distribution and management, allowing for more scalable and secure authentication architectures.
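
The verification steps above, written out as an added example (not Cosmocloud's code): the client pins the algorithm to RS256, selects the JWK whose `kid` matches the token header, checks the RSA signature, and only then reads the claims. The demo key, the `kid` value `demo-1`, the issuer `https://auth.example` and the `sign_demo` helper are constructed for illustration, the JWKS is assumed to have been fetched from the JWKS URI already, and the hand-written RSA check stands in for a vetted JWT library.

```python
import base64, hashlib, json, time

def b64d(s):  # base64url decode, restoring stripped padding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):  # base64url encode without padding
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def num_b64(i):  # big-endian integer as base64url, as used for JWK "n" and "e"
    return b64e(i.to_bytes((i.bit_length() + 7) // 8, "big"))

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa(msg, k):  # expected k-byte padded digest for an RS256 signature
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_jwt(token, jwks, issuer, now=None):
    """Return the claims of an RS256 JWT signed by a key in jwks; raise ValueError otherwise."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64d(h64))
    if header.get("alg") != "RS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    jwk = next((j for j in jwks["keys"]
                if j.get("kty") == "RSA" and j.get("kid") == header.get("kid")), None)
    if jwk is None:  # unknown kid: in practice, refetch the JWKS once (key rotation)
        raise ValueError("no key for kid")
    n, e = (int.from_bytes(b64d(jwk[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, int.from_bytes(b64d(s64), "big")
    if sig >= n or pow(sig, e, n).to_bytes(k, "big") != emsa(f"{h64}.{p64}".encode(), k):
        raise ValueError("bad signature")
    claims = json.loads(b64d(p64))  # parsed only after the signature checks out
    now = time.time() if now is None else now
    if claims.get("iss") != issuer or claims.get("exp", 0) <= now:
        raise ValueError("wrong issuer or expired")
    return claims

# Constructed demo key from two Mersenne primes: trivially factorable, for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": num_b64(N), "e": num_b64(E)}]}

def sign_demo(header, claims):  # stand-in for the authentication server
    msg = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa(msg.encode(), k), "big"), D, N)
    return msg + "." + b64e(sig.to_bytes(k, "big"))
```

A token whose header names `alg: none` or an HMAC algorithm is rejected before any key lookup, which is why the verifier compares against a fixed algorithm rather than dispatching on the header value.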

