Description
Describe the problem you'd like to have solved
Hi there, in UrlJwkProvider a SigningKeyNotFoundException is thrown in the method "Jwk get(String keyId)" for two different reasons:
- If in getAll() -> getJwks() the connection to the location of the JWKS fails. This is a serious issue for the operation of the service, as most likely no token could be verified.
- If the KeyId in the token could not be found (most likely if an attacker sets an arbitrary key id in the token).
Describe the ideal solution
Please make it possible to distinguish between these two cases with a proper exception being thrown. To not break any existing code which is calling the methods, the new exception should be a child class of SigningKeyNotFoundException or a RuntimeException.
Alternatives and current work-arounds
A current workaround would be to look at the cause of the exception, which is fragile, as one has to know which specific connection issues could occur and that there is no other place where such an exception could be thrown.
An alternative to the approach above would be to change the return type of "Jwk get(String keyId)" to "Optional<Jwk> get(String keyId)" so that there is a distinction between the more common case, where a key with the wrong keyId is requested, and an exceptional connection problem. This would involve more rework.
Thank you for considering this change.
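The following is an added example, not code from the issue or from the jwks-rsa-java project. It shows the "look at the cause" workaround implemented once, in a wrapper around JwkProvider, so that callers receive one of two subclasses of SigningKeyNotFoundException and can react differently to an outage of the JWKS endpoint and to a token that names an unknown kid. The class and exception names (ClassifyingJwkProvider, JwksUnreachableException, UnknownKeyIdException, verifyOutcome) are hypothetical, and the example assumes that UrlJwkProvider attaches the underlying IOException as the cause when fetching the JWKS fails and sets no cause when the kid is simply absent; the JWKS URL is a placeholder.

```java
// Added example, not part of the issue or of jwks-rsa-java.
// Assumption: UrlJwkProvider sets an IOException as the cause when the
// JWKS fetch fails, and no cause when the requested kid is absent.
import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.SigningKeyNotFoundException;
import com.auth0.jwk.UrlJwkProvider;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;

public final class ClassifyingJwkProvider implements JwkProvider {

    /** Hypothetical: the JWKS endpoint could not be fetched. Operational problem. */
    public static final class JwksUnreachableException extends SigningKeyNotFoundException {
        public JwksUnreachableException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /** Hypothetical: the endpoint answered, but no key carries this kid. Reject the token. */
    public static final class UnknownKeyIdException extends SigningKeyNotFoundException {
        public UnknownKeyIdException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    private final JwkProvider delegate;

    public ClassifyingJwkProvider(JwkProvider delegate) {
        this.delegate = delegate;
    }

    @Override
    public Jwk get(String keyId) throws JwkException {
        try {
            return delegate.get(keyId);
        } catch (SigningKeyNotFoundException e) {
            // This is the fragile part the issue describes: the only available
            // signal today is the cause. Keeping the check in one place limits
            // the damage if the library changes how it reports the failure.
            if (e.getCause() instanceof IOException) {
                throw new JwksUnreachableException("JWKS endpoint unreachable: " + e.getMessage(), e);
            }
            throw new UnknownKeyIdException("no key with kid '" + keyId + "': " + e.getMessage(), e);
        }
    }

    /** Example caller: maps the two failure modes to different responses and log severities. */
    public static String verifyOutcome(JwkProvider provider, String kid) {
        try {
            provider.get(kid);
            return "key found";
        } catch (JwksUnreachableException e) {
            // Alert operations: every token will fail until the endpoint is back.
            return "503 retry later (alert: " + e.getMessage() + ")";
        } catch (UnknownKeyIdException e) {
            // Token-level rejection; log at warning level as a possible forged kid.
            return "401 unknown kid (warn: " + e.getMessage() + ")";
        } catch (JwkException e) {
            return "401 key error (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws MalformedURLException {
        // Placeholder URL; replace with the real issuer's JWKS location.
        URL jwks = new URL("https://issuer.example/.well-known/jwks.json");
        JwkProvider provider = new ClassifyingJwkProvider(new UrlJwkProvider(jwks));
        System.out.println(verifyOutcome(provider, "kid-from-token"));
    }
}
```

Because both new exceptions extend SigningKeyNotFoundException, code that already catches the parent type keeps working unchanged, which is the compatibility constraint the request places on a library-side fix; the wrapper only adds the finer distinction for callers that opt in.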