Security Token Service (STS)
- also referred to as OAuth Server or OIDC Provider
- STS issues/generates JWTs, which are signed and/or encrypted with its own private key
- other entities, upon receiving a JWT, can verify its signature by using the STS’s public key
- STS exposes this public key via a JWKS endpoint (e.g. https://STS-DOMAIN.com/.well-known/jwks.json) that returns a set of JWKs
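
The flow in the bullets above, as an added example that is not part of the original notes: a stand-in STS signs an RS256 JWT, publishes its public key as a JWKS document, and a receiver verifies the token using only that document. The key is a constructed toy key built from two known Mersenne primes, and the names `sts_issue`, `verify` and `demo-1` are assumptions; the RSA math uses only the standard library so it runs offline, where a real service would use a vetted JOSE library.

```python
import base64, hashlib, hmac, json

# Constructed toy RSA key from two known Mersenne primes: demo only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D stays private to the STS
K = (N.bit_length() + 7) // 8                  # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def int_b64u(i):
    return b64u(i.to_bytes((i.bit_length() + 7) // 8, "big"))

def emsa(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# STS side: publish the public key as a JWKS, sign tokens with the private key.
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "use": "sig", "alg": "RS256",
                  "n": int_b64u(N), "e": int_b64u(E)}]}

def sts_issue(claims, kid="demo-1"):
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), K), "big"), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def verify(token, jwks):  # receiver side: needs only the JWKS, never the private key
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(b64u_dec(head_b64))
    if head.get("alg") != "RS256":   # pin the algorithm, do not let the token choose
        raise ValueError("unexpected alg")
    jwk = next((j for j in jwks["keys"] if j.get("kid") == head.get("kid")), None)
    if jwk is None or jwk.get("kty") != "RSA":
        raise ValueError("no matching key in JWKS")
    n, e = (int.from_bytes(b64u_dec(jwk[x]), "big") for x in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(sig_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature")
    em = pow(s, e, n).to_bytes(k, "big")  # compared whole, padding never parsed
    if not hmac.compare_digest(em, emsa(f"{head_b64}.{body_b64}".encode(), k)):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body_b64))
```

`verify` returns the claims only after the signature checks out; it does not validate `iss`, `aud` or `exp`, which a receiver checks as a separate step.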