With the introduction of OAuth and OpenID Connect, using bearer tokens to convey a user's authenticated identity has become common, including outside the OAuth/OpenID Connect use cases.
To validate such bearer tokens, the relying party must have access to the public keys of the token issuer. To allow for flexible key management by the token issuer, many token issuers now provide their key material in the form of a JWKS (JSON Web Key Set) that can be downloaded from a specific URL at the token issuer. If the token signature can be validated correctly with one of the keys of the JWKS, the validation of the token is considered successful.
If the token issuer supports a JWKS endpoint, Airlock IAM can be configured to use it during a regular authentication flow or during one-shot authentication.
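The JWKS check described above, as an added example that is not Airlock IAM's own code: a relying party pins RS256, tries the matching RSA keys of a JWKS, and verifies the PKCS#1 v1.5 signature using only the Python standard library. The issuer key, the `demo-1` key ID and all function names are constructed for illustration; the 511-bit key is a toy built from two well-known primes and is not secure.

```python
import base64, hashlib, json

# DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg, k):
    """Expected k-byte encoded message: 00 01 FF..FF 00 || DigestInfo(SHA-256(msg))."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_ok(jwk, signing_input, sig):
    n, e = (int.from_bytes(b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    # Rebuild the full expected encoding and compare; never parse the padding leniently.
    return len(sig) == k and s < n and pow(s, e, n).to_bytes(k, "big") == emsa(signing_input, k)

def validate(token, jwks):
    """Return the claims if one JWKS key verifies the signature, else None."""
    try:
        head, body, sig = token.split(".")
        header, raw_sig = json.loads(b64u_dec(head)), b64u_dec(sig)
    except ValueError:
        return None
    # The relying party pins the algorithm; the token header does not get to choose it.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return None
    for jwk in jwks.get("keys", []):
        # If the token names a key ID, only keys with that ID are candidates.
        if jwk.get("kty") != "RSA" or ("kid" in header and jwk.get("kid") != header["kid"]):
            continue
        if rs256_ok(jwk, f"{head}.{body}".encode(), raw_sig):
            return json.loads(b64u_dec(body))
    return None

# --- Constructed demo issuer: toy 511-bit key from two well-known primes, NOT secure ---
P, Q, E = 2**255 - 19, 2**256 - 189, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def demo_sign(claims, kid, alg="RS256"):
    head = b64u(json.dumps({"alg": alg, "kid": kid}).encode())
    body = b64u(json.dumps(claims).encode())
    em = int.from_bytes(emsa(f"{head}.{body}".encode(), 64), "big")
    return f"{head}.{body}." + b64u(pow(em, D, N).to_bytes(64, "big"))

JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": b64u(N.to_bytes(64, "big")), "e": b64u(E.to_bytes(3, "big"))}]}
```

Signature validation alone says nothing about expiry, issuer or audience; those claims are checked separately once the signature is accepted.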