// Test that when I update identityProvier, then the record in publicKey cache is cleared and it's
  // not possible to authenticate with it anymore
  @Test
  public void testPublicKeyCacheInvalidatedWhenProviderUpdated() throws Exception {
    // Configure OIDC identity provider with JWKS URL
    updateIdentityProviderWithJwksUrl();

    // Check that user is able to login
    logInAsUserInIDPForFirstTime();
    assertLoggedInAccountManagement();

    logoutFromRealm(bc.consumerRealmName());

    // Check that key is cached
    IdentityProviderRepresentation idpRep = getIdentityProvider();
    String expectedCacheKey =
        PublicKeyStorageUtils.getIdpModelCacheKey(
            consumerRealm().toRepresentation().getId(), idpRep.getInternalId());
    TestingCacheResource cache =
        testingClient
            .testing(bc.consumerRealmName())
            .cache(InfinispanConnectionProvider.KEYS_CACHE_NAME);
    Assert.assertTrue(cache.contains(expectedCacheKey));

    // Update identityProvider to some bad JWKS_URL
    OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep);
    cfg.setJwksUrl("http://localhost:43214/non-existent");
    updateIdentityProvider(idpRep);

    // Check that key is not cached anymore
    Assert.assertFalse(cache.contains(expectedCacheKey));

    // Check that user is not able to login with IDP
    setTimeOffset(20);
    logInAsUserInIDP();
    assertErrorPage("Unexpected error when authenticating with identity provider");
  }
  // Configure OIDC identity provider with JWKS URL and validateSignature=true
  private void updateIdentityProviderWithJwksUrl() {
    IdentityProviderRepresentation idpRep = getIdentityProvider();
    OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep);
    cfg.setValidateSignature(true);
    cfg.setUseJwksUrl(true);

    UriBuilder b =
        OIDCLoginProtocolService.certsUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT));
    String jwksUrl = b.build(bc.providerRealmName()).toString();
    cfg.setJwksUrl(jwksUrl);
    updateIdentityProvider(idpRep);
  }