hanno on Nostr: This was one of the instances of insecure openid connect keys I blogged about ...

This was one of the instances of insecure openid connect keys I blogged about recently https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html the host auth.univie.ac.at has an openid connect configuration file. It points to https[://]auth.univie.ac.at/jwk for its jwks_uri that contains the public keys. Apparently, one of those keys is an example key used in the software "OpenID-Connect-Java-Spring-Server". Therefore, the private key is what I like to call a "Public Private Key".