rob, Continuing my JWT research, I looked into RFC 7517 for distribution of the public key needed to verify a JWT. It looked useful as it uses a .well-known endpoint, but there are some wrinkles with the format of the data, so I wrote down what I did.
Add comment