auth.provider API
    Preparing search index...
    • Build the JWKS publishing Router. The router registers path as an absolute path internally, so the effective endpoint is the router's mount point + path. Mount at the application root (app.use(createRouter( express, keyStore))) for the common case. Prefix-mounting (e.g. app.use("/auth", createRouter(...))) is valid only when the advertised jwks_uri carries the same base path — typically because the issuer identifier itself has that prefix (jwks_uri = ${issuer}${path}). If the mount prefix and the issuer prefix disagree, discovery advertises a jwks_uri that does not resolve. (The core jwksModule mounts at "/" and relies on the issuer prefix to carry any base path.)

      The response carries Cache-Control: public, max-age=<cacheMaxAgeSeconds> (JWKS is public data and the most-polled verifier endpoint).

      Direct callers bypass the config schema, so path and cacheMaxAgeSeconds are validated here and the factory throws on misconfiguration (a non- absolute path or a negative / non-integer cache age) — failing fast at boot rather than registering an unexpected route or emitting an invalid Cache-Control header.

      Parameters

      Returns Router