Closed
Description
We would like to use the symfony/security-http OIDCTokenHandler, but the Identity and Access Management system currently employed exposes a JWK Keyset via its realm certs URL as opposed to a single JWK, which is all the token handler in question currently supports.
It would be great if the OIDCTokenHandler could also accept an instance of JWKSet to be passed into its constructor, which will also incur modifications in how the jms is verified.
Example
final class OidcTokenHandler implements AccessTokenHandlerInterface
{
use OidcTrait;
public function __construct(
private Algorithm $signatureAlgorithm,
- private JWK$jwk,
+ private JWK|JWKSet $jwk,
private string $audience,
private array $issuers,
private string $claim = 'sub',
private ?LoggerInterface $logger = null,
private ClockInterface $clock = new Clock()
) {
}
}
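Review bot: the union type on `$jwk` in the constructor (`private JWK|JWKSet $jwk`) leaves every consumer of the property to branch on which type it holds, and the name no longer matches what it may contain. Because the parameter is a promoted property and the constructor body is empty, there is nowhere to normalize it; consider accepting `JWK|JWKSet` as a plain parameter and storing a single `JWKSet` (wrapping a lone `JWK` in a one-key set) so signature verification has one code path. The verification change the description mentions is not part of this hunk, so the proposal should state how a key is chosen from the set and that `$signatureAlgorithm` remains the only accepted algorithm whichever key matches.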