Well ... I think I sorted some of this out... maybe.
by going to this endpoint: https://-baseEndPoint-/oxauth/restv1/jwks
I get a list of keys like this:
`{"keys": [
{
"kid": "21c9826c-78ea-47bd-a68b-b2f670d895a0",
"kty": "RSA",
"use": "sig",
"alg": "RS256",
"exp": 1574294666669,
"n": "oA6icZNRvHdBAcSBy...B0hw",
"e": "AQAB",
"x5c": ["MIIDBDCCAeygAwIB...pKXnUf/fs="]
}, ...`
Which gives me keyId & keyAlg. I am guessing that x5c is the "privateKey"?
I am not confident about any of this because... why would I enter all of these manually in the config when the app can easily collect them from the url endpoint?