Which key should I use to verify JWT's signed by Google?

Calling the jwks_uri (https://www.googleapis.com/oauth2/v3/certs) from Google's OpenID Connect discovery URI returns a JSON object with not one but three different keys. How is one supposed to know which is to be used to verify a JWT signed by Google?

Solution

To answer my own question, Google's JWT does indeed include the kid in the header.

I need to add a privacy policy to my flutter web app for Google verification
Limiting the scopes of an OAuth 2.0 flow
Why do i need to specify redirect_uri if i am authenticating from server side?
New Google place api using google OAuth, ask failed to refresh token
Access token obtained with 'auth-code' login flow with 'drive.file' scope, later used for picking file and on the server returns "entity not found"
PHPMailer getOAuth2token response to div
Google AdWords API authorization raising AdsCommon::Errors::AuthError
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Cross-client Google OAuth: Get auth code on iOS and access token on server
Google Authenticator available as a public service?
Google OAuth components must be used within GoogleOAuthProvider
Access google cloud storage bucket from other project using python
Django Google log-in/sign up not working even though django-oauth
How to obtain android app version code using Google Api?
Problems with ShinyApp and Google authentification, when making Public
testing google sheet editor addon fails with error 403
Google API Invalid JWT Signature in SFCC
Google Classroom iframe, compare login_hint with signed in user
Origin is "not allowed" for given client ID when origin was added
Issue when trying to register an app for consent screen in google oauth
Correct setup for accessing a GSheet published as a webapp via a service account
How to set up Google OAuth clients to split authorization and token exchange between client and server?
Get 403 response with the "new" Firebase Cloud Messaging API
Google OAuth 2.0 Flow Issue (Implicit)
Unable to fetch access token and refresh token from google OAuth2.0 using the authorized code
How should I use the id token returned to me by Google after a successful code exchange?
Google Cloud Platform adding OAuth Client ID says Requested entity already exists
Gmail API Oauth2 Send from different address
How to test Google's OAuth granular consent screen for TV & Device Apps
How to verify google auth token at server side in node js?