jwks_uriresponse locally. The standard HTTP caching headers are used and should be respected.
rotationModeproperty. For more information see the API Reference: Authorization Server Credentials Signing Object.
Keys used to sign tokens automatically rotate and should always be resolved dynamically against the published JWKS. Your app might fail if you hardcode public keys in your applications. Be sure to include key rollover in your implementation.
If your application can't retrieve keys dynamically, the administrator can disable the automatic key rotation in the administrator UI, generate a key credential, and update the application to use it for signing.