kid from the JWKS (in fact, the JWKS itself) is only used to validate RS256 ID tokens. If you’re using HS256 (which your screenshot shows and my test using the Sign In as User in the Dashboard confirms) then the ID token is validated using the Client Secret for that application.
So, in this case, the
kid is useless because it is not used in this context. In the case of RS256, though, a
kid still is not required (RFC) since we would just use the first (or, in most cases, the only) key that was present in the JWKS. The token would still be validated using the JWKS but the key used would not be explicitly defined (leading to possible issues if the ID token was issued right when the key was being rotated).
If you want to go into a bit more depth here, we have a blog post on the topic:
Hope that helps and let me know if you have any other questions!