Expose this server's keys on a JWKS endpoint
To allow consumers to validate the signature of their tokens, which are currently JSON Web Tokens, we can produce a JWKS Endpoint, as a step towards #376.
This also adds it to the OAuth Server Metadata to allow well-formed discovery and consumption of the JWKS URI.
We also remember to provide the correct content-type
of the response,
and validate that we can negotiate it.
To be especially sure it works, we can configure Nimbus to validate a JWS that we are issued with the JWKS endpoint, ensuring that it definitely works.