Public Ideas Portal
Create a new JWT policy -- could be "MeshJWT" -- to verify an incoming JWT.
The goal is to be able to check:
various claims (iss, aud, sub, azp, etc.)
signature against an local/in-memory public key
signature against a remote JWKS
