@dan
Yes, it was helpful, thank you very much!
The only thing I didn't see but I figured out is setting the Id Token signing key to OpenID Connect compliant HMAC using SHA-256.
What I did was set that property manually and take a look at the logs. There I found its new value and added that to kickstart.json.
I am curious if this is working because I set the algorithm and the accessTokenKeyId as follows:
"algorithm": "HS256",
"accessTokenKeyId": "#{FUSIONAUTH_DEFAULT_SIGNING_KEY_ID}",
and I added, let's say, a random UUID for the idTokenKeyId, or whether it is working because I added the hard-coded idTokenKeyId, which gives me the OpenID Connect compliant HMAC using SHA-256 name and value.