I am creating a resource server that is using PingFederate 8.2.2 as an authorization server to validate JSON Web Tokens upon certain requests. I am trying to validate the signature, so I planned on using .well-known/openid-configuration (https://example.com/.well-known/openid-configuration) to get the jwks_uri (i.e. https://example.com/pf/JWKS). I then request the data from this URI, and use the “kid” to find the correct keyset in the data. However, I found that my “kid” is not listed in the keyset list. I spoke to the administrator and he suggested using another URI (https://example.com/ext/pf/JWKS). The keyset showed up on this alternate URI. I proceeded to ask why it was not in the referenced .well-known/openid-configuration “jwks_uri”. He was not sure.
My question is, does anyone know how to make sure the keyset I am using is in the correct jwks_uri location?
Also, since I was not sure which message community to send this to, please let me know if this is incorrect. I will move it over to the correct community upon request.
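
The lookup described in the question, as an added example that is not part of the original post and not PingFederate code: it reads the token's unverified header, pins the accepted algorithm, and reports which JWKS document publishes the `kid`, so a mismatch with the advertised `jwks_uri` is visible before any signature check. The function names, the `k1`/`k2` key IDs, the key material and the token are constructed for illustration; the JWKS documents are embedded inline instead of being fetched from the URLs in the post.

```python
import base64
import json

ALLOWED_ALGS = {"RS256"}  # assumption: the resource server pins the algorithms it accepts

def _b64url_decode(seg):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def jwt_header(token):
    # The header is read unverified, only to learn which key to look up.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[0]))

def find_key(jwks, kid, alg):
    # Match on kid and skip keys whose declared use or alg disagrees with the token.
    for key in jwks.get("keys", []):
        if (key.get("kid") == kid and key.get("use", "sig") == "sig"
                and key.get("alg", alg) == alg):
            return key
    return None

def locate_kid(token, jwks_by_uri):
    # Return every configured JWKS URI that publishes the token's kid.
    hdr = jwt_header(token)
    kid, alg = hdr.get("kid"), hdr.get("alg")
    if not kid or alg not in ALLOWED_ALGS:
        return []  # no kid, or an algorithm the server does not accept
    return [uri for uri, jwks in jwks_by_uri.items() if find_key(jwks, kid, alg)]

def _seg(obj):
    # Helper that builds one base64url JWT segment for the constructed token.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not real keys or tokens).
SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256", "kid": "k2"}), _seg({"sub": "demo"}), "c2ln"])
DISCOVERY = {"issuer": "https://example.com", "jwks_uri": "https://example.com/pf/JWKS"}
JWKS_BY_URI = {
    "https://example.com/pf/JWKS": {"keys": [
        {"kty": "RSA", "kid": "k1", "use": "sig", "alg": "RS256", "n": "constructed", "e": "AQAB"}]},
    "https://example.com/ext/pf/JWKS": {"keys": [
        {"kty": "RSA", "kid": "k2", "use": "sig", "alg": "RS256", "n": "constructed", "e": "AQAB"}]},
}

if __name__ == "__main__":
    found = locate_kid(SAMPLE_TOKEN, JWKS_BY_URI)
    print("kid published at:", found)
    print("advertised jwks_uri has it:", DISCOVERY["jwks_uri"] in found)
```

The JWKS URIs a resource server consults should come from its own configuration or the trusted issuer's metadata, never from a URL carried inside the token.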