On the Security > OAuth & OpenID Connect Keys screen, specify whether PingFederate should use static or dynamically rotating keys for OAuth and OpenID Connect. These keys are used to in the following manner:

PingFederate role Key usages
OpenID Provider (OP) Sign ID tokens for RPs
Relying Party (RP) Sign JWTs for authentication, sign OpenID Connect request objects, decrypt ID tokens, or any combination of them.