AAuth Explorer
signingPhase 2

Agent Identity via JWKS (sig=jwks_uri)

The agent signs requests and includes its identifier URI + key ID in Signature-Key. The resource fetches the agent's JWKS from its well-known endpoint to verify the signature, establishing cryptographic identity — the resource learns who the agent is.

§ Agent Identity
AgentResource1Unsigned GET /data-jwks → 4…4012Signed GET (sig=jwks_uri) →…3Fetch /.well-known/aauth-ag…4Fetch /jwks.json → verify s…
GET https://api.example/data-jwks401

sigkey=uri challenge: include your agent identifier URI in Signature-Key.

This enables the resource to fetch your JWKS and discover your identity.

1 / 4
speed

Step 1: Unsigned GET /data-jwks → 401

Request / response
GEThttps://api.example/data-jwks
Host

api.example