-
Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
We already have JKU support to retrieve a key but this is an alrernative to inlining a public key in the config where JKUs are not used.
We should also consider configuration to timeout and update the retrieved key.
Also after a failed signature verification we may want to dynamically obtain the key again, for this last point we should only do so if we have not retrieved the key recently to avoid being used to DOS the server hosting the key.