Unsecure public key signature

We are using BankID as SSO with Signicate Express Openid Connect protocol.
I cannot see that the cryptographic mechanism provides a Public Key Infrastructure at the same level as Bank ID.
from: https://login.signicat.io/.well-known/openid-configuration
the public keys are stored in https://login.signicat.io/.well-known/openid-configuration/jwks
This JSON Web Key (JWK) document is missing x5u values.

Please add x509 certificates to the x5u fields.

Hi Jan Steinar

The “x5c” (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] – not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. This MAY be followed by additional certificates, with each subsequent certificate being the one used to certify the previous one. The key in the first certificate MUST match the public key represented by other members of the JWK. Use of this member is OPTIONAL. As with the “x5u” member, optional JWK members providing key usage, algorithm, or other information MAY also be present when the “x5c” member is used. If other members are present, the contents of those members MUST be semantically consistent with the related fields in the first certificate. See the last paragraph of Section 4.6 for additional guidance on this.