JwksFetch

by ShikeChenv1.2.2

Last updated Jun 19, 2026

Fetch a public verification key from a JWKS endpoint (or via OIDC discovery) and emit it as PEM.

Install with winget

$ winget install --id ShikeChen.JwksFetch --exact --version 1.2.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

jwksfetch is a single Native AOT executable (no .NET runtime required) that retrieves a public

JSON Web Key from a remote JWKS endpoint or via OIDC discovery, then emits the key in PEM format

to stdout. Designed as a companion to jwtdecode: pipe jwksfetch output directly into

jwtdecode --verify --key-file - for end-to-end offline JWT verification after an initial key fetch.

Installers · v1.2.2

Architecture	Type	Scope	Install	Download
x64	Portable	-		Direct
arm64	Portable	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

No known CVEs for JwksFetch.

Coverage is best-effort and depends on a winget package mapping to an NVD CPE entry. Absence here is not a guarantee of safety.

Related apps

J
JwtDecoderShikeChen
ShikeChen.JwtDecoderv1.2.2
Offline JWT decoder and (optional) signature verifier — single native exe, no runtime needed.
C
Codex CLIOpenAI, Inc.
OpenAI.Codexv0.140.0
Codex CLI is an open‑source local coding agent that runs in your terminal, letting you write, edit, and understand code without leaving the command line.
Office Deployment ToolMicrosoft Corporation
Microsoft.OfficeDeploymentToolv16.0.20026.20112
A command-line tool that you can use to download and deploy Click-to-Run versions of Office, such as Microsoft 365 Apps for enterprise, to your client computers.
Proton VPNProton AG
Proton.ProtonVPNv4.4.1
High-speed Swiss VPN that safeguards your privacy.
Oh My PoshJan De Dobbeleer
JanDeDobbeleer.OhMyPoshv29.17.0
Prompt theme engine for any shell
Nessus AgentTenable, Inc.
Tenable.NessusAgentv11.2.0.20301
Nessus Agents give you visibility into additional IT assets - even endpoints, and other remote assets that intermittently connect to the internet.

More from ShikeChen or browse jwks, jwt, json-web-key.

Frequently asked questions

How do I install JwksFetch on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id ShikeChen.JwksFetch --exact --version 1.2.2. winget downloads the installer from ShikeChen and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install JwksFetch silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id ShikeChen.JwksFetch --exact 1.2.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall JwksFetch via winget?

Run: winget uninstall --id ShikeChen.JwksFetch --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from JwksFetch's Apps & Features entry.

Is JwksFetch free?

JwksFetch is distributed under MIT. Refer to the publisher (https://github.com/ShikeChen-MS/JwtDecoder_local_cli) for the full license terms - Wingetly itself does not charge for installation.

Does JwksFetch work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls JwksFetch directly from the publisher.

How do I keep JwksFetch up to date?

Run winget upgrade --id ShikeChen.JwksFetch --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of JwksFetch from microsoft/winget-pkgs.