Allow jwks uri or jwks json for signature verification

[juancgalvis]

Hi, we want to use your web site with a token and jwks, so your site may identify the key id from 'kid' header and extract it from the jwks, the jwks may be set as another json input or an url input that loads it (may fails cors by this reason the json input is proposed)

What do you think about it?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️