This afternoon we noticed that the GET https://appleid.apple.com/auth/keys endpoint is returning multiple public keys (3) now and the one that was working before (kid: "AIDOPK1") is no longer working for decrypting the id token returned from POST https://appleid.apple.com/auth/token and has broken our implementation. We wanted to know which public key we should use moving forward, as it seems the second one returned in the list of public keys is working, but we don't know whether that will be subject to change. Please let us know what to do.
Thanks!