oauth/oidc: caddy-security fails when jwks contains an unsupported key

[ghost]

Hello,
we're using caddy-security with openID connect using a custom open id provider.
The jwks.json returned by the .well-known metadata contains an Ed25519 key, and caddy-security fails to start with this message:

caddy-caddy-1  | {"level":"error","ts":1681716993.476016,"logger":"security","msg":"failed provisioning app server instance","app":"security","error":"server initialization failed: failed configuring identity provider: failed to fetch jwt keys for OAuth 2.0 authorization server: invalid jwks key: jwks unsupported key type OKP for <key>"}

We do not intend to use Ed25519 keys with caddy-security, they just happen to be supported by the server. If I understand it correctly, I believe caddy-security could just ignore them instead of failing at start.

If we remove the ed25519 key from they keyset, caddy-security works fine. But we can't do it in production.

[em-]

See also

• What JWKS key types are supported in the generic OAuth2 backend? #48
• question: Invalid jwks key for Keycloak #170