Which validation endpoint you use depends on the type of token that you requested:
OIDC tokens
The following table describes the high-level fields returned at the OIDC token
validation endpoint,
https://confidentialcomputing.googleapis.com/.well-known/openid-configuration.
| Key | Description | 
|---|---|
| claims_supported | The keys in the attestation token. For more details, see Attestation token claims. | 
| id_token_signing_alg_values_supported | The signing algorithms ( algvalues) supported by the
        token. Confidential Space supports theRS256algorithm. | 
| issuer | The HTTPS scheme that Confidential Space uses as its issuer identifier. The value is
           | 
| jwks_uri | The path to the public keys used to verify the token signature. You can publish these keys in a Cloud Storage bucket. You can find the  An example value is
           | 
| response_types_supported | A list of supported Confidential Space response types. Confidential Space
        supports id_token. | 
| scopes_supported | The
        
          OAuth 2.0
        scope values that the Confidential VM instance supports.
        Confidential Space supports openidonly. | 
| subject_types_supported | The subject identifier types that Confidential Space
        supports. Confidential Space supports public. | 
PKI tokens
The following table describes the high-level fields returned at the PKI token
validation endpoint,
https://confidentialcomputing.googleapis.com/.well-known/attestation-pki-root.
| root_ca_uri | The path to the root certificate that is used to verify a PKI token type signature. |