Details like which key is to be used to sign, etc., need to be added back.

Comments (8)

    Use client_secret. Note that client_secret has to have sufficient entropy to provide adequate security.

    alg=RS256 / ES256

    Use the x5u or jwk that were registered. If there were multiple keys in jwk, kid MUST be specified in JWS header. If there were multiple certs in x5u, then x5t MUST be specified in JWS header. Make sure that key usage matches the use of the key.
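
The key-selection rules from the comment above, as an added example that is not part of the issue thread or the specification text. It covers the registered-jwk case only (no x5u/x5t), assumes HS256 for the client_secret case, and uses hypothetical names (`select_key`, `KeySelectionError`, `REGISTERED`) with constructed sample keys.

```python
# Added example (not from the issue): pick the JWS verification key.
# select_key, KeySelectionError and REGISTERED are hypothetical names.
ALG_KTY = {"RS256": "RSA", "ES256": "EC"}

# Constructed sample of a client's registered jwk set (key material omitted).
REGISTERED = [
    {"kty": "RSA", "kid": "rsa-sig-1", "use": "sig"},
    {"kty": "RSA", "kid": "rsa-enc-1", "use": "enc"},
    {"kty": "EC", "kid": "ec-sig-1", "use": "sig", "crv": "P-256"},
]

class KeySelectionError(Exception):
    pass

def select_key(header, client_secret=None, registered_jwks=()):
    """Return secret bytes for HS256, or the single matching registered JWK."""
    alg = header.get("alg")
    if alg == "HS256":  # assumption: the client_secret case means HMAC
        secret = (client_secret or "").encode()
        # Length is only an upper bound on entropy; RFC 7518 requires a
        # key of at least 256 bits for HS256.
        if len(secret) < 32:
            raise KeySelectionError("client_secret too short for HS256")
        return secret
    if alg not in ALG_KTY:  # rejects "none" and anything unregistered
        raise KeySelectionError(f"unsupported alg: {alg!r}")
    keys = list(registered_jwks)
    kid = header.get("kid")
    if kid is not None:
        keys = [k for k in keys if k.get("kid") == kid]
    elif len(keys) > 1:
        raise KeySelectionError("multiple registered keys: kid MUST be set")
    if len(keys) != 1:
        raise KeySelectionError("no unique registered key for this header")
    key = keys[0]
    if key.get("kty") != ALG_KTY[alg]:
        raise KeySelectionError("key type does not match alg")
    if alg == "ES256" and key.get("crv") != "P-256":
        raise KeySelectionError("ES256 requires a P-256 key")
    if key.get("use", "sig") != "sig":  # key usage must allow signatures
        raise KeySelectionError("key is not registered for signing")
    return key
```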

