Retrieving the Public Key ID

A JSON Web Token (JWT) includes these three elements:
  • Header
  • Payload
  • Signature
Each element is separated by a period (.) in this format:
header.payload.signature
.
The
kid
parameter within the JWT header is the public key ID. You use this ID to request the public key using the
/flex/v2/public-keys/
{kid}
endpoint.

Decrypting the JWT Header

The JWT is Base64-encoded. You must decrypt the token before you can see the
kid
parameter.
Example: Header
eyJraWQiOiJ6dSIsImFsZyI6IlJTMjU2In0K
Example: Decrypting Header on the Command Line
echo 'eyJraWQiOiJ6dSIsImFsZyI6IlJTMjU2In0K' | base64 --decode
Example: Output
{"kid":"zu","alg":"RS256"}