The Keys are referenced in your JWtIssuer Technical Profile and if your application is using an OIDC library it will automatically fetch this metadata to ensure the app uses the correct keys to validate tokens. The MSAL library helps in fetching the latest token signing keys automatically . so yes even if the public key changes , you will be ale to get the current public key when you fetch the metadata correctly .
AD B2C userflow roll over key to sign JWT
I am using the predefined userflow and use the public key that AD B2C provides in jwks_uri to validate the token on my side. My question is whether that public key will be changed later?