Attestation token validation endpoint fields


Which validation endpoint you use depends on the type of token that you requested:

OIDC tokens

The following table describes the high-level fields returned at the OIDC token validation endpoint, https://confidentialcomputing.googleapis.com/.well-known/openid-configuration.

Key                                    Description
claims_supported                       The claim names (keys) present in the attestation token. For more details, see Attestation token claims.
id_token_signing_alg_values_supported  The signing algorithms (alg values) supported for the token. Confidential Space supports the RS256 algorithm.
issuer                                 The issuer identifier (an https URL) that Confidential Space uses. The value is
                                       https://confidentialcomputing.googleapis.com.
jwks_uri                               The path to the public keys used to verify the token signature. You can publish these keys in a
                                       Cloud Storage bucket. You can find the jwks_uri keys at
                                       https://www.googleapis.com/service_accounts/v1/metadata/jwk/signer@confidentialspace-sign.iam.gserviceaccount.com.
                                       An example value is https://example.storage.googleapis.com/jwks.json.
response_types_supported               A list of supported Confidential Space response types. Confidential Space supports id_token.
scopes_supported                       The OAuth 2.0 scope values that the Confidential VM instance supports. Confidential Space supports openid only.
subject_types_supported                The subject identifier types that Confidential Space supports. Confidential Space supports public.
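As an added example that is not part of this page or of Google's own tooling, the following Go program shows how a relying party applies these fields when checking an attestation token: it decodes the jwks_uri document into RSA public keys, pins the alg to RS256 (the only value listed in id_token_signing_alg_values_supported), selects the key by the token's kid, verifies the signature before reading any claim, and then compares iss with the issuer value and checks exp. The issuer value and the RS256 algorithm are the ones stated in the table; everything else is constructed for the example: the key pair is generated locally and stands in for the Confidential Space signer, the kid value k1 and the JWKS document are built from that key, and the claims used (iss, exp, aud) are standard JWT claims rather than the page's attestation claims. In a real verifier the discovery document and the JWKS are fetched over HTTPS from the URLs in the table, the token's aud is compared with the relying party's own identifier, and the attestation claims are evaluated against the workload policy; that last part is outside this page and not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Discovery holds the OIDC validation endpoint fields a verifier needs.
type Discovery struct {
	Issuer  string   `json:"issuer"`
	JwksURI string   `json:"jwks_uri"`
	Algs    []string `json:"id_token_signing_alg_values_supported"`
}

// KeySet maps a key ID (kid) to an RSA public key parsed from the jwks_uri document.
type KeySet map[string]*rsa.PublicKey

// KeySetFromJWKS decodes the RFC 7517 key set served at jwks_uri (JSON names match the
// struct fields case-insensitively) into RSA public keys, skipping keys RS256 cannot use.
func KeySetFromJWKS(doc []byte) (KeySet, error) {
	var set struct{ Keys []struct{ Kty, Kid, N, E string } }
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	keys := KeySet{}
	for _, k := range set.Keys {
		n, errN := base64.RawURLEncoding.DecodeString(k.N)
		e, errE := base64.RawURLEncoding.DecodeString(k.E)
		if k.Kty != "RSA" || errN != nil || errE != nil {
			continue
		}
		keys[k.Kid] = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
	}
	return keys, nil
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MintToken signs claims with RS256. It stands in for the Confidential Space signer so the
// example runs offline; the key is generated locally and is not the service's signing key.
func MintToken(priv *rsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64(sig)
}

// Validate applies the endpoint fields to a token: alg is pinned to RS256, the only value the
// endpoint advertises (so "none" or HS256 headers are refused); the key is chosen by kid; the
// signature must verify before any claim is read; then iss must equal the issuer and exp must be in the future.
func Validate(token string, disc Discovery, keys KeySet, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("token is not a three-part JWS")
	}
	var raw [3][]byte
	for i, p := range parts {
		var err error
		if raw[i], err = base64.RawURLEncoding.DecodeString(p); err != nil {
			return nil, fmt.Errorf("segment %d is not base64url: %w", i, err)
		}
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(raw[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("header rejected (alg %q): %v", hdr.Alg, err)
	}
	pub := keys[hdr.Kid]
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]) != nil {
		return nil, fmt.Errorf("no key with kid %q, or signature check failed", hdr.Kid)
	}
	var claims map[string]any
	_ = json.Unmarshal(raw[1], &claims) // a malformed payload leaves claims empty and fails below
	iss, _ := claims["iss"].(string)
	exp, _ := claims["exp"].(float64) // a missing exp decodes as 0, i.e. already expired
	if iss != disc.Issuer || !now.Before(time.Unix(int64(exp), 0)) {
		return nil, fmt.Errorf("claims rejected: iss %q, exp %v", iss, exp)
	}
	return claims, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo signer, not the service's key
	jwks := fmt.Sprintf(`{"keys":[{"kty":"RSA","kid":"k1","n":%q,"e":%q}]}`, b64(priv.N.Bytes()), b64(big.NewInt(int64(priv.E)).Bytes()))
	keys, _ := KeySetFromJWKS([]byte(jwks))
	disc := Discovery{Issuer: "https://confidentialcomputing.googleapis.com", Algs: []string{"RS256"}}
	tok := MintToken(priv, "k1", map[string]any{"iss": disc.Issuer, "exp": time.Now().Add(time.Hour).Unix()})
	fmt.Println(Validate(tok, disc, keys, time.Now()))
}
```

Validate refuses a token whose header names any alg other than RS256, including none, even when a JWKS key would otherwise match, and it only decodes the payload after the signature over header.payload has verified with the key selected by kid. A verifier that meets an unknown kid should refetch the jwks_uri document before rejecting, since the signer may have rotated keys.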

PKI tokens

The following table describes the high-level fields returned at the PKI token validation endpoint, https://confidentialcomputing.googleapis.com/.well-known/attestation-pki-root.

Key          Description
root_ca_uri  The path to the root certificate that is used to verify the signature on a PKI token.