Overview#Jwks_uri is a REQUIRED metadata entry for OpenID Connect Discovery expressed as a URI the OpenID Connect Identity Provider (IDP) 's JSON Web Key Set JWK document. This contains the signing key(s) the Relying Party uses to validate signatures from the OpenID Connect Identity Provider (IDP).
The JWK Set MAY also contain the OpenID Connect Identity Provider (IDP)'s encryption key(s), which are used by Relying Partys to encrypt requests to the OpenID Connect Identity Provider (IDP). When both signing and Encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.
Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.JWK Set is a JSON object that represents a set of JWKs. The JWK Set JSON object MUST have a "keys" member, which is an array of JWKs.