ycrumeyrolle
commented
3 years ago The TokenValidationPolicyBuilder will be updated for linking the issuer, the signing key and the signing algorithm.
The signature validation has to be done after the retrieval of the issuer for getting the key ring.
It may be common to have a lots of issuers for secevent. The current way to resolve this is to try to validate against each issuer policy.
A better way to achieve this is to lookup the issuer policy based on the 'iss' claim. This require to review the
TokenValidationPolicyusage.