iis openid openiddict

JWKS changes after IIS restart


We are using OpenIddict, and we have added an Encryption Certificate and a Signing Certificate. The issue we have is that when IIS restarts, the keys on /.well-known/jwks change, and other projects, if not restarted again, have the wrong JWKS keys and then throw 401 Unauthorized. Is it possible to use fixed keys in /.well-known/jwks when the server restarts?


Solution

  • How do you add the signing certificate? Where is it stored outside IIS?

    If you use AddSigningCredential(...) and make sure the signing certificate is the same, then the JWKS keys should not change.
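A way to check the behaviour the answer describes, as an added example that is not part of the original answer: save the /.well-known/jwks document before and after an IIS restart and compare the keys by RFC 7638 thumbprint, which depends only on the public key material. The snapshots below, including their `kid` and `n` values, are constructed sample data, and the function names are this example's own.

```python
import base64
import hashlib
import json

# Members that define the key, per RFC 7638 section 3.2.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint: ignores kid, alg, use, x5t and member order."""
    members = {m: jwk[m] for m in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def compare_jwks(before: dict, after: dict) -> dict:
    """Classify keys across two JWKS snapshots taken around a restart."""
    old = {jwk_thumbprint(k): k.get("kid") for k in before["keys"]}
    new = {jwk_thumbprint(k): k.get("kid") for k in after["keys"]}
    common = old.keys() & new.keys()
    return {
        "stable": sorted(common),
        "removed": sorted(old.keys() - new.keys()),  # tokens signed with these now fail
        "added": sorted(new.keys() - old.keys()),
        # Same key under a new kid still breaks clients that cache by kid.
        "kid_changed": sorted(t for t in common if old[t] != new[t]),
    }


# Constructed snapshots (placeholder moduli, not real keys).
BEFORE = {"keys": [{"kty": "RSA", "use": "sig", "kid": "SIGN-A",
                    "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXMtQQ"}]}
# Same certificate reloaded: identical key material, different member order.
AFTER_SAME_CERT = {"keys": [{"n": "c2FtcGxlLW1vZHVsdXMtQQ", "e": "AQAB",
                             "kid": "SIGN-A", "alg": "RS256", "kty": "RSA"}]}
# Key regenerated at startup: new modulus and new kid.
AFTER_NEW_KEY = {"keys": [{"kty": "RSA", "use": "sig", "kid": "SIGN-B",
                           "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXMtQg"}]}

if __name__ == "__main__":
    for label, snap in (("same cert", AFTER_SAME_CERT), ("new key", AFTER_NEW_KEY)):
        print(label, json.dumps(compare_jwks(BEFORE, snap), indent=2))
```

A non-empty `removed` list after a restart means the server published different key material, which is the condition that makes relying services reject tokens until they refresh their cached JWKS.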