I am experimenting with Hydra JWK Key rotation and...
# talk-hydra
I am experimenting with Hydra JWK key rotation and noticed when I rotate the JWK (adding a new one, old one still remains) that any current active sessions that call the `end_session_endpoint` with an `id_token_hint` fail with an encryption error from the jose jwt library.
```
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. go-jose/go-jose: error in cryptographic primitive
```
Digging into the code, it seems that the logout endpoint, when an id token hint is provided, looks up the private key (which returns the first key found, so the latest one), which would then result in a failed decode since the id token being passed is an older one. Is this a known issue or is there a way to fix this?
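
The failure mode described in the post, as an added example that is not part of the original post and is not Hydra's or go-jose's code: a token signed before rotation fails when checked against the first key in the set, and verifies when the key is selected by the `kid` in the token header. It uses only the Go standard library with Ed25519 (`EdDSA`) as an assumption; the names `Key`, `Issue`, `Verify`, `VerifyByKid` and the kid values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Key is one public entry of a constructed key set (names are hypothetical).
type Key struct{ Kid string; Pub ed25519.PublicKey }
var b64 = base64.RawURLEncoding

// Issue makes a fresh key pair and a compact JWS signed with it, kid in the header.
func Issue(kid string) (Key, string) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	hdr := b64.EncodeToString([]byte(`{"alg":"EdDSA","kid":"` + kid + `"}`))
	in := hdr + "." + b64.EncodeToString([]byte(`{"sub":"alice"}`))
	return Key{kid, pub}, in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in)))
}

// Verify checks the signature against exactly one key chosen by the caller.
func Verify(k Key, tok string) bool {
	i := strings.LastIndex(tok, ".")
	sig, err := b64.DecodeString(tok[i+1:])
	return i >= 0 && err == nil && ed25519.Verify(k.Pub, []byte(tok[:i]), sig)
}

// VerifyByKid selects the key named in the header, so a token issued before rotation still verifies.
func VerifyByKid(set []Key, tok string) error {
	var h struct{ Alg, Kid string }
	raw, err := b64.DecodeString(strings.SplitN(tok, ".", 2)[0])
	if err != nil || json.Unmarshal(raw, &h) != nil || h.Alg != "EdDSA" {
		return fmt.Errorf("bad header or unexpected alg")
	}
	for _, k := range set {
		if k.Kid == h.Kid && Verify(k, tok) {
			return nil
		}
	}
	return fmt.Errorf("no key in the set verifies a token with kid %q", h.Kid)
}

func main() {
	old, hint := Issue("key-old") // constructed id_token_hint from before rotation
	cur, _ := Issue("key-new")
	set := []Key{cur, old} // rotated set: new key first, old key still present
	fmt.Println("first key:", Verify(set[0], hint), "by kid:", VerifyByKid(set, hint))
}
```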