Yeah, this will be done until the old key is revoked, All the newly minted tokens will be verified against the newly generated key.
We can do the following:
- Provide the max-age in settings so that the user can configure it at the time of submitting the schema.
- Deal with the Response headers to specifically solve the problem for the firebase case (which a requested feature from some users)