Due to vulnerability warning in most 6.x versions of System.IdentityModel.Tokens.Jwt, I upgraded to the first non-vulnerable release 6.34.0. Problem is, I receive bearer error="invalid_token",error_description="the signature key was not found" as a result of the same jwt being processed. I was searching for a clear difference between these two releases, but found no clue at the moment.
I was unable to solve the issue with any non-vulnerable release. Is it possible that a configuration default has changed or the entire jwt processing is incompatible between 6.24.0 and 6.34.0?