The OP needs to be able to manage keys as defined in
http://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys
- Configure a lifetime for key(s) and a grace period within which old keys are valid
- Set a cache-control header on the jwks endpoint, based on the lifetime
- Retain old keys internally for the grace period
An RP implementation should be able to use the same code.
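
A sketch of the three requirements above, added here as an example and not taken from this project's code. The names `KeyManager`, `SigningKey` and `placeholder_keygen`, the choice to expire caches at the next rotation, and the stand-in key generator are all assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass
class SigningKey:
    kid: str
    created: float
    public_jwk: dict   # what the jwks endpoint publishes
    private: object    # never leaves the OP


def placeholder_keygen():
    """Constructed stand-in: replace with real RSA/EC key generation."""
    kid = secrets.token_hex(8)
    return kid, {"kid": kid, "use": "sig", "alg": "RS256"}, object()


class KeyManager:
    def __init__(self, lifetime, grace, keygen=placeholder_keygen):
        self.lifetime, self.grace, self.keygen = lifetime, grace, keygen
        self.keys = []  # oldest first; the last entry is the signing key

    def _refresh(self, now):
        # Rotate when there is no key yet or the signing key has outlived its lifetime.
        if not self.keys or now >= self.keys[-1].created + self.lifetime:
            kid, jwk, private = self.keygen()
            self.keys.append(SigningKey(kid, now, jwk, private))
        # Retired keys stay available until lifetime + grace after their creation.
        newest = self.keys[-1]
        self.keys = [k for k in self.keys
                     if k is newest or now < k.created + self.lifetime + self.grace]

    def signing_key(self, now):
        self._refresh(now)
        return self.keys[-1]

    def jwks_response(self, now):
        """Body and headers for the jwks endpoint."""
        self._refresh(now)
        # Assumed policy: cached copies expire no later than the next rotation.
        remaining = int(self.keys[-1].created + self.lifetime - now)
        headers = {"Cache-Control": f"public, max-age={max(remaining, 0)}"}
        return {"keys": [k.public_jwk for k in self.keys]}, headers

    def verification_key(self, kid, now):
        """Look up a key by kid; None tells an RP to re-fetch the JWKS."""
        self._refresh(now)
        return next((k for k in self.keys if k.kid == kid), None)
```

Timestamps are passed in explicitly so rotation and grace-period expiry can be exercised without waiting on the clock.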