wso2 · wso2-engineering-bot · Oct 13, 2025
diff --git a/en/identity-server/6.0.0/docs/references/concepts/authentication/jwks.md b/en/identity-server/6.0.0/docs/references/concepts/authentication/jwks.md
@@ -1,9 +1,9 @@
 # JSON Web Key Set 

 ## What is JSON Web Key Set (JWKS)?

 The JSON Web Key Set (JWKS) endpoint is a read-only endpoint that returns
 the authorization server's public key set in the JWKS format. 
 This contains the signing key(s) that the Relying Party (RP) uses to validate signatures from the server.
 For more information on this endpoint, see the [OpenID Connect Discovery specification](https://openid.net/specs/openid-connect-discovery-1_0.html).

@@ -12,7 +12,7 @@
 ## Usage of JWKS

 The main benefit of allowing JWKS endpoint configuration is its ability to handle key rotation by external identity providers.
 Configuring this endpoint would enable you to programmatically discover JSON web keys and allow the third party 
 identity providers to publish new keys without having the overhead of notifying each and every client application.
 This allows smooth key rollover and integration.

@@ -23,27 +23,27 @@
 The following sequence diagram illustrates the scenario where a JWT obtained
 from a third party IdP is validated using the JWKS-based JWT Validator.

 ![JWKS validation flow]({{base_path}}/assets/img/concepts/jwks-validation-flow.png) 

 The steps of the above diagram are explained below:

 **Step 1:**

 -   User requests a JWT assertion from the identity provider.

 -   A valid JWT is returned with the response.

 **Step 2:**

 -   The user initiates a token request to WSO2 Identity Server’s token endpoint
    using JWT grant type with the obtained JWT assertion.

 -   Access token issuer handles all the requests sent to the token
    endpoint.

 **Step 3:**

 -   Access token issuer invokes the JWT grant handler to validate the
    provided JWT assertion.

 -   Deploys and configures the JWT client-handler artifacts.
@@ -101,11 +101,12 @@
 }
 ``` 
 
-| Property Value                 | Description         | 
-| --------------------- | ------------- | 
-| kty | The public key type.|                            
-| e           | The exponent value of the public key.|                              
-| use         | Implies how the key is being used. The value sig represents signature.| 
-| kid         | The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature.  | 
-| alg         | The algorithm used to secure the JSON Web Signature.  | 
-| n           | The modulus value of the public key.  | 
+| Property Value                 | Description         |
+| --------------------- | ------------- |
+| kty | The public key type.|
+| e           | The exponent value of the public key.|
+| use         | Implies how the key is being used. The value sig represents signature.|
+| kid         | The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature.  |
+| alg         | The algorithm used to secure the JSON Web Signature.  |
+| n           | The modulus value of the public key.  |
+| x5c         | The X.509 certificate chain. Contains a chain of one or more PKIX certificates in base64-encoded DER format. For more information, see the [RFC 7517 specification](https://datatracker.ietf.org/doc/html/rfc7517#section-4.7).  | 
diff --git a/en/identity-server/6.1.0/docs/references/concepts/authentication/jwks.md b/en/identity-server/6.1.0/docs/references/concepts/authentication/jwks.md
@@ -101,11 +101,12 @@ The default JWKS of WSO2 Identity Server is as follows.
 }
 ``` 
 
-| Property Value                 | Description         | 
-| --------------------- | ------------- | 
-| kty | The public key type.|                            
-| e           | The exponent value of the public key.|                              
-| use         | Implies how the key is being used. The value sig represents signature.| 
-| kid         | The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature.  | 
-| alg         | The algorithm used to secure the JSON Web Signature.  | 
-| n           | The modulus value of the public key.  | 
+| Property Value                 | Description         |
+| --------------------- | ------------- |
+| kty | The public key type.|
+| e           | The exponent value of the public key.|
+| use         | Implies how the key is being used. The value sig represents signature.|
+| kid         | The thumbprint of the certificate. This value is used to identify the key that needs to be used to verify the signature.  |
+| alg         | The algorithm used to secure the JSON Web Signature.  |
+| n           | The modulus value of the public key.  |
+| x5c         | The X.509 certificate chain. Contains a chain of one or more PKIX certificates in base64-encoded DER format. For more information, see the [RFC 7517 specification](https://datatracker.ietf.org/doc/html/rfc7517#section-4.7).  |