====== JSON Web Keys ====== The OpenID specification requires a JWKs endpoint to list public keys that can verify ID tokens. Current thinking is to store them in the filesystem either in PEM or JSON format. A Flask command can be created to rotate these on a schedule. These should be stored with the correct file permissions (''o-rwx'' at a minimum). We should support the EC and RSA algorithms (EC is preferred, RSA is still required by the spec).