Hello!
I have SPA and M2M applications in my account. Both applications have the same signing certificates. I assumed each application would have different certificate that I can use when validating JWT and determine whether it’s end-user access token or M2M token.
Are all applications in an account expected to have the same signing certificate?
Thanks.