If you regenerate the signing keys, then the keys in tokens already issued will be invalidated. For production you need to make sure the signing keys is persisted.
you can look at the kid claim in the JWT header of your tokens. It must be found in the /.well-known/openid-configuration/jwks.
Be aware that API's and clients cache the downloaded keys for 24 hours by default.
In production you need to use this method to add the signing key that you want to sign your tokens with
AddSigningCredential
See the documentation here
In production you should not use this method AddDeveloperSigningCredential.