Archived 2023.09.09. Refer to the upstream FAPI specification.
What is the key selection algorithm for choosing the encryption key from the ADR's JWKS endpoint? That is, how does one determine the key to encrypt the ID token? Participants may have a variety of keys for signing and encryption, and different keys may have different parameters.
The data standards do not specify the key selection algorithm, leaving this guidance to upstream standards. The most recent draft of FAPI provides guidance regarding appropriate key selection based on the JWK set returned via the OAuth client's JWKS endpoint.