The jti parameter in a JWS should be used to catch reuse.

rohe · rohe · commit 021156c74f2f · 2020-01-20T17:07:28.000+01:00
Need a database to hold all the jtis I've seen.
Audience in a private_key_jwt JWS is endpoint dependent.
It should not be possible to use a private_key_jwt constructed to be used
at one endpoint to be used at another.

Bumped version
diff --git a/src/oidcendpoint/__init__.py b/src/oidcendpoint/__init__.py
@@ -6,7 +6,7 @@
 except ImportError:
     import random as rnd
 
-__version__ = "0.12.0"
+__version__ = "0.12.1"
 
 
 DEF_SIGN_ALG = {
