The method IdentityToken::getMatchingKeyForJws() that is triggered for every JWT validation throws a ServiceException if no matching key can be found.
This is to be expected, e.g. when keys have been rotated and the client still has an old JWT.
Instead, the session should be ended, leading to a new authorization process.
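The handling proposed above, as an added PHP example that is not the project's own code: a key lookup that returns null for an unknown `kid`, and a caller that turns that case into "end the session and re-authorize" rather than an exception. The function names `jwsHeader`, `findMatchingKey` and `sessionAction`, the action strings and the key ids are assumptions; signature verification itself is left to the JWT library in use.

```php
<?php
// Added example; function names and sample data are hypothetical.

/** Decode the (still unverified) JOSE header of a compact JWS. */
function jwsHeader(string $jwt): array
{
    $parts = explode('.', $jwt);
    $json = count($parts) === 3 ? base64_decode(strtr($parts[0], '-_', '+/')) : '';
    $header = json_decode($json, true);
    if (!is_array($header)) {
        throw new InvalidArgumentException('Not a readable compact JWS');
    }
    return $header;
}

/** Return the JWK whose kid matches the token header, or null if there is none. */
function findMatchingKey(array $jwks, string $jwt): ?array
{
    $kid = jwsHeader($jwt)['kid'] ?? null;
    foreach ($jwks['keys'] ?? [] as $jwk) {
        if (is_string($kid) && ($jwk['kid'] ?? null) === $kid) {
            return $jwk;
        }
    }
    return null; // never fall back to "any key": the token stays unverified
}

/** Decide what the session layer does with a stored identity token. */
function sessionAction(array $jwks, string $jwt): string
{
    try {
        $key = findMatchingKey($jwks, $jwt);
    } catch (InvalidArgumentException $e) {
        return 'reject'; // malformed token, not a rotation case
    }
    // No key for this kid is expected after rotation: end the session and
    // start a new authorization instead of raising an exception.
    return $key === null ? 'end_session_and_reauthorize' : 'verify_signature';
}

// Constructed data: the JWKS after a rotation, plus an old and a current token.
$b64 = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$token = fn(string $kid): string => $b64(json_encode(['alg' => 'RS256', 'kid' => $kid]))
    . '.' . $b64('{"sub":"alice"}') . '.c2ln';
$jwks = ['keys' => [['kty' => 'RSA', 'kid' => 'key-2024-02']]];

echo sessionAction($jwks, $token('key-2024-01')), PHP_EOL;
echo sessionAction($jwks, $token('key-2024-02')), PHP_EOL;
echo sessionAction($jwks, 'not-a-jwt'), PHP_EOL;
```

Keeping the malformed-token case separate from the unknown-`kid` case means only the expected rotation scenario leads to a silent re-authorization.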