Package Exports
- did-jwks
- did-jwks/package.json
Readme
did-jwks
Core implementation of the did:jwks method that enables OAuth2/OIDC JWKS endpoints to be used as DID identifiers.
Installation
npm install did-jwksIn most cases, you will want to use the []jwks-did-resolver](../jwks-did-resolver) packages with the did-resolver package.
Usage
import { fetchJwksDidDocument } from "did-jwks"
const didDocument = await fetchJwksDidDocument("did:jwks:accounts.google.com")
console.log(didDocument)CLI
npx did-jwks did:jwks:accounts.google.comAPI
fetchJwksDidDocument(did: string): Promise<DidDocument>
Fetches a DID Document for a did:jwks identifier.
import { fetchJwksDidDocument } from "did-jwks"
const didDocument = await fetchJwksDidDocument("did:jwks:example.com")
console.log(didDocument)How It Works
- Parse DID: Extracts domain and optional path from the DID
- JWKS Discovery: Attempts to fetch JWKS from:
- Direct:
https://domain/.well-known/jwks.json - OAuth2 Discovery:
https://domain/.well-known/openid-configuration
- Direct:
- Transform: Converts JWKS keys to DID verification methods
- Generate: Creates a standard DID document
Examples
Google OAuth2
const result = await fetchJwksDidDocument("did:jwks:accounts.google.com")
// Resolves Google's JWKS for OAuth2 token verificationGitHub Actions
const result = await fetchJwksDidDocument(
"did:jwks:token.actions.githubusercontent.com"
)
// Resolves GitHub's JWKS for Actions token verificationCustom Domain with Path
const result = await fetchJwksDidDocument(
"did:jwks:auth.example.com:tenant:123"
)
// Resolves to https://auth.example.com/tenant/123/.well-known/jwks.jsonLicense (MIT)
Copyright (c) 2025 Catena Labs, Inc. See LICENSE for details.