I had a question about JWT verification with Kong. My use case is to use a jwks from .well-known/jwks.json to verify tokens and then validate a few claims on the jwt before passing the request off to the backend. I assumed that the JWT plugin did this but after looking it appears that the JWT Plugin only has the ability to hold a static public key for verification. I would need the ability to use a JWKS so that the public keys could be rotated periodically.
Do I have to write a plugin for this is is this builtin functionality to the JWT Plugin?
Thanks,