Mention OAuth2/OIDC feature

Signed-off-by: Anders Eknert <anders@styra.com>

README.md

@@ -6,6 +6,7 @@ An opinionated library for safely verifying and decoding JSON Web Tokens (JWTs)
 
 - A fully [configuration-driven approach](#configuration-driven-verification) to token verification
 - Or if you prefer, use like a traditional library — import and use verification [functions](#functions)
+- Support for OAuth 2.0 and OpenID Connect metadata endpoints for retrieving verification keys without configuration
 - Default verification constraints based on [best practices](https://datatracker.ietf.org/doc/html/rfc8725)
 - Clear error messages, describing exactly which constraints failed and why
 
@@ -82,7 +83,7 @@ a bundle `data.json` file for an entirely configuration-driven approach.
 
 #### Using `endpoints`
 
-In scenarios where Oauth 2.0 or OpenID Connect is used, public key materials (JWKS) can be retrieved via the metadata
+In scenarios where OAuth 2.0 or OpenID Connect is used, public key materials (JWKS) can be retrieved via the metadata
 endpoint — and its pointer to a `jwks_uri` — of the issuer (i.e. `iss` claim from the token). This is a convenient way
 to defer distribution of keys to an identity server rather than embedding them in OPA's data or policies.
 

lib/jwt/jwt.rego

@@ -10,6 +10,10 @@
 #     ref: https://www.rfc-editor.org/rfc/rfc7515
 #   - description: JSON Web Token Best Current Practices
 #     ref: https://www.rfc-editor.org/rfc/rfc8725
+#   - description: OpenID Connect Discovery 1.0
+#     ref: https://openid.net/specs/openid-connect-discovery-1_0.html
+#   - description: OAuth 2.0 Authorization Server Metadata
+#     ref: https://datatracker.ietf.org/doc/html/rfc8414
 package lib.jwt
 
 import rego.v1