How do I validate a JWT using JwtSecurityTokenHandler and a JWKS endpoint?

Check this sample:

https://github.com/IdentityServer/IdentityServer4/blob/master/samples/Clients/old/MvcManual/Controllers/HomeController.cs#L148

It manually retrieves the key from the JWK and populates the validation parameters.

var jwks = "{ keys: [..." // your jwks json string
var signingKeys = new JsonWebKeySet(jwks).GetSigningKeys();

Then simply assign it to the IssuerSigningKeys property of your TokenValidationParameters.

If you are reading the jwks from a web service, then you would need a http client to read it first.