We have recently changed domains and as such have uplifted all of the URLs associated with our JWKS endpoints.
We have used the connection management tool within the INT environment to amend our CIS2 configuration and have also updated the JWKS address within the Digital Onboarding Portal.
We are experiencing an issue when requesting to exchange the auth token for an access token, where we are informed that our KID is not present within the JWKS endpoint. We can, however, see the corresponding KID entry when viewing the JWKS endpoint.
We have spoken with the CIS2 who have referred us to this community as they believe the issue relates to the Digital Onboarding Portal which is managed by the API Management team.
Here is a sample response that we are currently receiving even though the KID is present and set in both locations.
{
  "error": "invalid_request",
  "error_description": "Invalid 'kid' header in client_assertion JWT - no matching public key",
  "message_id": "rrt-826575031932329240-a-geu2-1647767-107268927-1"
}
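
A local check for the mismatch described above, as an added example that is not part of the original post: it reads the `kid` from the `client_assertion` header and compares it with the `kid` values in a JWKS document, flagging differences that look identical by eye (`kid` is a case-sensitive string). The function names, the sample token and the sample JWKS are constructed for illustration, and the signature is not verified.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(b64url_decode(parts[0]))

def diagnose_kid(client_assertion: str, jwks: dict) -> str:
    """Compare the assertion's 'kid' header with the 'kid' values in a JWKS document."""
    kid = jwt_header(client_assertion).get("kid")
    if kid is None:
        return "no-kid-header"
    kids = [k.get("kid") for k in jwks.get("keys", [])]
    if kids.count(kid) > 1:
        return "duplicate-kid"   # ambiguous: two keys published under one kid
    if kid in kids:
        return "match"
    # Differences in case or surrounding whitespace look right by eye but do not match.
    if any(isinstance(k, str) and k.strip().lower() == kid.strip().lower() for k in kids):
        return "near-match"
    return "no-match"

def _b64url(obj: dict) -> str:
    # Helper used only to build the constructed sample token below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not from the post). Only the header is inspected,
# so the third segment is a dummy value rather than a real signature.
SAMPLE_ASSERTION = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT", "kid": "int-1"}),
    _b64url({"iss": "example-client"}),
    "c2ln",
])
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "INT-1", "use": "sig",
                         "n": "placeholder", "e": "AQAB"}]}

if __name__ == "__main__":
    print(diagnose_kid(SAMPLE_ASSERTION, SAMPLE_JWKS))
```

Feed it the JWKS body fetched from the exact URL entered in each place the post mentions, so that an old-domain URL or a redirect shows up as a different key set.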