• Configure the JWT access token validator with the issuer's public signing key:
    • Store the public key as a trusted certificate in the server's local configuration using the trusted-certificate property.
    • Provide the issuer's JSON Web Key Set (JWKS) endpoint using the jwks-endpoint-path property.
      Note:

      To ensure that the JWT access token validator uses updated copies of the issuer's public keys, the validator checks the configured JWKS endpoint in the following cases:

      • When the validator initializes
      • If the validator can't find a a suitable key for verification in its current set of keys