Google points to https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com for folks to verify JWT tokens.

I've been digging for ~1 hour and can't find an easy way to go from that JSON encoding to anything I can put in JsonWebKeyStore.

Am I missing something?

thanks!

Maybe I need to be using https://www.googleapis.com/oauth2/v3/certs

That needs to be documented better!

That's it!

Er, actually it's https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com

Google could make this easier