feature: support jwt client configuration

[strehle]

allow to set JWKS configuration for client authentication based on private_key_jwt standard

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/186231409

The labels on this github issue will be updated when the story is started.

[strehle]

this PR belongs to the private_key_jwt story and is an enhancement to allow setting a trust for jwt client authentication
@Tallicia can you please decide if you want do a review from vmware side and how should do it, thanks

[Tallicia]

Hi @strehle - Yes we would like to review. Do you have a summary and or spec this is targeting so that we can validate this aligns to the intent?

@bruce-ricard or @hsinn0 would you like to take a look at this?

[strehle]

Hi @strehle - Yes we would like to review. Do you have a summary and or spec this is targeting so that we can validate this aligns to the intent?

@bruce-ricard or @hsinn0 would you like to take a look at this?

Sure, the related PR from UAA is cloudfoundry/uaa#2449 . This explains the API.
See:
https://docs.cloudfoundry.org/api/uaa/version/76.22.0/index.html#change-client-jwt

The uaac change is cloudfoundry/cf-uaac#125

So finally the feature is to maintain the new client jwt trust. If trust is there a Openid connect client can use it.
Private_key_jwt is a common way, therefore if a uaa client hat jwt trust, you can use standard spring security in a test app, e.g.
https://github.com/strehle/spring-openid-client/blob/main/src/main/resources/application.yml