Hello!
We have a "Web App Bot" configured to send the messages to our endpoint. As part of the validation of the request, we are verifying the signature of the incoming auth header JWT and checking some content.
Previously we had uploaded a cert to the app so that we were signing the JWT with our own key but 12+ hours ago, we deleted that custom cert so that we would instead sign the JWT with one of the keys at: https://login.microsoftonline.com/common/discovery/v2.0/keys
After 12+ hours, the incoming JWT is still being signed with the deleted cert, is this feature currently broken? Is there a way to reset my resource to use the public keys at the endpoint above?
Thank you so much!