Open
Labels: rust
Description
It would be great if the relay had an option to load JWKs from a JWK Set.
```toml
[auth]
# Either provide a key from file
# key = "public.jwk"
# Or load keys from a URL
jwks = "https://<my service>/jwks.json"
```
JWK Sets are defined in RFC 7517 section 5.
A Set could look something like this: https://login.microsoftonline.com/common/discovery/v2.0/keys
The JWKs should be refreshed regularly, say every 24 hours. For verification it would just pick the correct JWK according to the kid field in the JWT. That way the service hosting the JWKs could easily rotate the keys without any downtime.
I guess it would also make sense to enforce https on the JWKs URL.
kixelated
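A sketch of the behaviour requested above, added here as an illustration and not taken from the issue or the project's code: a key cache that rejects non-https URLs, refetches after a TTL, and selects keys strictly by `kid`. The names `Jwk`, `JwksCache` and `key_for` are hypothetical, the fetch function is injected so the example runs offline, and JSON parsing and signature verification are left out.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// One entry of a JWK Set, reduced to two fields (hypothetical type).
#[derive(Clone, Debug, PartialEq)]
pub struct Jwk { pub kid: String, pub alg: String }

/// Hypothetical cache: keys indexed by `kid`, refetched once `ttl` has passed.
pub struct JwksCache<F> {
    url: String,
    ttl: Duration,
    fetch: F, // injected stand-in for the HTTP GET plus JSON parsing
    keys: HashMap<String, Jwk>,
    fetched_at: Option<Instant>,
}

impl<F: FnMut(&str) -> Result<Vec<Jwk>, String>> JwksCache<F> {
    pub fn new(url: &str, ttl: Duration, fetch: F) -> Result<Self, String> {
        // Enforce https: a key set fetched over plain http can be replaced in transit.
        if !url.starts_with("https://") {
            return Err(format!("jwks URL must use https: {}", url));
        }
        Ok(Self { url: url.to_string(), ttl, fetch, keys: HashMap::new(), fetched_at: None })
    }

    /// Return the key matching the JWT header's `kid`, refreshing the set when stale.
    pub fn key_for(&mut self, kid: Option<&str>, now: Instant) -> Result<Jwk, String> {
        // No `kid` means no key: never fall back to "first key in the set".
        let kid = kid.ok_or("token header has no kid")?;
        let stale = self.fetched_at.map_or(true, |t| now.saturating_duration_since(t) >= self.ttl);
        if stale {
            match (self.fetch)(&self.url) {
                Ok(set) => {
                    self.keys = set.into_iter().map(|k| (k.kid.clone(), k)).collect();
                    self.fetched_at = Some(now);
                }
                // Assumption: keep serving the previous set when a refresh fails.
                Err(e) if self.fetched_at.is_none() => return Err(e),
                Err(_) => {}
            }
        }
        self.keys.get(kid).cloned().ok_or_else(|| format!("unknown kid: {}", kid))
    }
}

fn main() {
    // Constructed sample key set; the URL is a placeholder.
    let fetch = |_: &str| Ok(vec![Jwk { kid: "k1".into(), alg: "ES256".into() }]);
    let mut c = JwksCache::new("https://keys.example.invalid/jwks.json", Duration::from_secs(86_400), fetch).unwrap();
    println!("{:?}", c.key_for(Some("k1"), Instant::now()));
}
```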