Brian Demers

With key rotation for remote jwks, the list all of all valid `kid` isn't known ahead of time, so could not automatically prime the cache. I think for many use-cases...

Hey @skjolber, The list of jwks keys is NOT always known ahead of time, this is an important detail when it comes to key rotation and removing any exposed keys....

Great work!

good point, java8plus, nonJDK7 or something like that would work

@Marcono1234, In general, I'm +1, but I think the methods should be structured something like: ```java public Jwt parse(String jwt, boolean allowUnsigned); // default to require signature public Jwt parse(String...

@ReDestroyDeR in the short term you can create a `SigningKeyResolver` that looks something like: https://github.com/okta/okta-jwt-verifier-java/blob/master/impl/src/main/java/com/okta/jwt/impl/jjwt/RemoteJwkSigningKeyResolver.java

+1, I took a quick shot at testing this out. After a bit of fumbling, I was able to load a private key from a Yubikey's PIV interface. I wasn't...

@netmackan that sounds like a plan! As for the other API changes Any chance you have a minimal example that would hit all the touchpoints you mentioned in #700?

It's likely something that will need to wait for a breaking API change @pethaniakshay, but for now, you should be able to cast the param to force the use of...

Wow @lhazlewood, I had convinced myself 0.11 was already out. 🤦‍♂ I changed the note to say that Gson support was added. As for the test, I added SpotBugs and...