I'm not sure how IdentityServer produces jwks. When I run it I can only see one set of jwks. I see some of the example as like https://login.microsoftonline.com/common/discovery/v2.0/keys which it has multiple jwks. Inside this url, it seems that jwks refer to the tenant. Is that means I can have multiple jwks also if I integrate my IdentityServer with other OpenId providers like Google, Facebook?
Identity Server 4 only uses one asymetric key pair to sign JWT's. To the best of my knowledge, there is no out of the box support to use key pair per tenant (unless ofcourse you host a separate instance per tenant).
Also worthwhile noting that you can technically have more than one key pair, but that is intended to support signing key rollover and not multitenancy.