Thanks for this article.
I struggled to discover the rsa PUBLIC KEY, to add to my IAM Consumer, when the OAuth server was an IRIS OAuth Server.   This is what I did:

I invoked the IRIS OAuth Server's jwks_uri, to retrieve the JWKS's in a browser.  (the url will typically be by default, the IRIS OAuthServer issuer endpoint followed by /jwks).  

You will see a list of keys, in the jwks collection returned. I was after the RSA 256 key, mine was located as the first json object in the collection and looked (in my case) something like this (which I abbreviated for this post): 
 

I imported this JSON object into a %DynamicObject, (represented by jsonJWK variable below) and called the function to convert this to an RSA Public key:

The variable out, populated by the function above, was the RSA Public key I needed to add into IAM.

As this stands, isn't it possible for developers to accidentally SET the CreatedAt property?.  I think it is best if this was read only, to avoid bad code accidentally corrupting this field.

Hi Luiz,  yes - I ran into this too and implemented a similar approach, however - the last thing I do is then remove the license key from the image.

This is because I do not want (in my case at least), to build images which hold valid keys.  Especially if posting this the image to a public registry.

I would expect consumers of the image would bring their own license key.