As far as I understand, the public key used to verify e.g. access tokens is not known to a client, but is taken from the OAuth endpoint token_key.
Doesn't that mean that the security of my system relies completely on a "key exchange" over a possibly much less secure channel than the token cryptography? E.g. my tokens use 4096-bit keys, but the SSL certificate that ensures I'm talking to the correct endpoint only uses 2048, or my system is configured to accept outdated TLS versions, or I am able somehow (in the corporate network) to create trusted SSL certificates, or or or ...
Why isn't there a more elaborate key exchange mechanism?
If you're in a place where you can't trust HTTPS, you have a much bigger issue, but you are correct that OAuth2 is not designed to be secure when HTTPS is untrusted.
The assumption is that HTTPS is trusted.
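One practical way to narrow the dependence on the TLS channel that the question worries about is to pin the verification key out of band: the client still fetches the JWK Set from the token_key (or JWKS) endpoint over HTTPS, but refuses any key whose RFC 7638 thumbprint is not in a list it received through a separate trusted path (deployment config, a signed release, a second channel). The example below is added here and is not code from the question or the answer; it assumes the endpoint returns a standard JWK Set, that RSA signing keys are in use, and that the pinned thumbprints are provisioned to the client independently of the fetch. The `SAMPLE_JWKS` data is constructed for the example and its moduli are fabricated and far too short for real keys.

```python
"""Pin the verification key a client fetches from the authorization server's
JWKS / token_key endpoint, so that token verification does not rest solely
on the TLS channel used for that fetch.

Assumptions (this is an added example, not the server's or any library's API):
- the endpoint returns a JWK Set (RFC 7517) containing RSA keys;
- pins are RFC 7638 JWK thumbprints provisioned to the client out of band.
"""

import base64
import hashlib
import json

# Constructed sample JWK Set, shaped like a JWKS / token_key response.
# The "n" values are fabricated (16 bytes, not real moduli) to keep the
# example short; only the pinning logic matters here.
SAMPLE_JWKS = {
    "keys": [
        {
            "kty": "RSA",
            "kid": "signing-2024",
            "use": "sig",
            "alg": "RS256",
            "n": "AQIDBAUGBwgJCgsMDQ4PEA",  # base64url of bytes 0x01..0x10
            "e": "AQAB",
        },
        {
            "kty": "RSA",
            "kid": "unexpected-key",
            "use": "sig",
            "alg": "RS256",
            "n": "EA8ODQwLCgkIBwYFBAMCAQ",  # base64url of bytes 0x10..0x01
            "e": "AQAB",
        },
    ]
}


def canonical_rsa_jwk(jwk: dict) -> bytes:
    """RFC 7638 canonical form of an RSA JWK: only the required members
    (e, kty, n), lexicographically ordered, no whitespace, UTF-8 encoded.
    Optional members such as kid, use and alg are deliberately excluded, so
    a rotated kid on the same key yields the same thumbprint."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA keys are handled in this example")
    required = {"e": jwk["e"], "kty": "RSA", "n": jwk["n"]}
    return json.dumps(required, sort_keys=True, separators=(",", ":")).encode("utf-8")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical form, base64url without padding (RFC 7638)."""
    digest = hashlib.sha256(canonical_rsa_jwk(jwk)).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def select_pinned_key(jwks: dict, pinned_thumbprints: set) -> dict:
    """Return the first fetched RSA key whose thumbprint is pinned.

    A set of pins (rather than a single value) lets the client accept both the
    current and the next key during rotation. If nothing matches, refuse to
    verify tokens at all: a key that arrived over a possibly compromised
    channel must never be trusted just because the fetch succeeded."""
    for key in jwks.get("keys", []):
        if key.get("kty") != "RSA":
            continue
        if jwk_thumbprint(key) in pinned_thumbprints:
            return key
    raise RuntimeError(
        "no fetched key matches a pinned thumbprint; refusing to verify tokens"
    )


if __name__ == "__main__":
    # Operator side: compute the pin once from the known-good key and ship it
    # to clients out of band. Here it is derived from the sample for display.
    pin = jwk_thumbprint(SAMPLE_JWKS["keys"][0])
    print("pinned thumbprint:", pin)
    # Client side: the fetched set is only usable if a pinned key is present.
    chosen = select_pinned_key(SAMPLE_JWKS, {pin})
    print("using key with kid:", chosen["kid"])
```

The pin is tied to the key material alone, so the server may change `kid`, `alg` or the key's position in the set without breaking clients, while an attacker who can tamper with the fetch (downgraded TLS, a rogue corporate CA, a misconfigured trust store) cannot slip in a different modulus. Distributing the thumbprints securely is then the client's remaining trust problem, and it is a one-time, out-of-band step rather than a dependency on every HTTPS fetch.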