diff --git a/asab/web/auth/providers/id_token.py b/asab/web/auth/providers/id_token.py
index 77ed19e3..ff68882b 100644
--- a/asab/web/auth/providers/id_token.py
+++ b/asab/web/auth/providers/id_token.py
@@ -29,13 +29,12 @@ def __init__(self, app, public_key_providers: typing.Iterable[PublicKeyProviderA
 self.Authorizations = {}
+ self.App.PubSub.subscribe("PublicKey.updated!", self.collect_keys)
 self.App.PubSub.subscribe("Application.housekeeping!", self._delete_invalid_authorizations)
 self.App.TaskService.schedule(self._update_public_keys())
 def register_key_provider(self, provider: PublicKeyProviderABC):
- if self not in provider.AuthProviders:
- provider.AuthProviders.add(self)
 self._KeyProviders.add(provider)
 self.collect_keys()
@@ -54,7 +53,7 @@ async def authorize(self, request: aiohttp.web.Request) -> Authorization:
 return authz
- def collect_keys(self):
+ def collect_keys(self, *args, **kwargs):
 """
 Collect public keys from all key providers into a single trusted JWK set.
 """
diff --git a/asab/web/auth/providers/key_providers/abc.py b/asab/web/auth/providers/key_providers/abc.py
index dbf96f13..ea100e43 100644
--- a/asab/web/auth/providers/key_providers/abc.py
+++ b/asab/web/auth/providers/key_providers/abc.py
@@ -15,7 +15,6 @@ class PublicKeyProviderABC(abc.ABC):
 def __init__(self, app):
 self.App = app
- self.AuthProviders = set() # Auth providers that use this public key provider
 self.TaskService = self.App.get_service("asab.TaskService")
 self.PublicKeySet: jwcrypto.jwk.JWKSet = jwcrypto.jwk.JWKSet()
@@ -42,5 +41,4 @@ def _set_keys(self, keys: typing.Optional[typing.Union[jwcrypto.jwk.JWK, jwcrypt
 else:
 raise ValueError("Invalid public_key type.")
- for auth_provider in self.AuthProviders:
- auth_provider.collect_keys()
+ self.App.PubSub.publish("PublicKey.updated!", self)
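Review bot: The string `"PublicKey.updated!"` on the new subscribe line in the auth provider's `__init__` (id_token.py) is now the only link between key providers and this auth provider, and the same literal is repeated at the publish in `_set_keys` in key_providers/abc.py. With the `provider.AuthProviders` back-reference removed from `register_key_provider`, a mismatch between the two literals would fail silently: the trusted JWK set would simply stop refreshing after a key rotation. Consider one shared constant, e.g. `PUBLIC_KEY_UPDATED = "PublicKey.updated!"` next to `PublicKeyProviderABC`, used at both sites, or a test asserting that a `_set_keys` call reaches `collect_keys`. Both `__init__` and `register_key_provider` continue outside the hunk.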
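Review bot: `collect_keys(self, *args, **kwargs)` hides the PubSub callback contract and discards the publishing provider, so this auth provider rebuilds its trusted JWK set on every `PublicKey.updated!` in the application, including ones from key providers it never registered. A small dedicated handler that checks the publisher against `self._KeyProviders` keeps `collect_keys()` argument-free for the direct call in `register_key_provider` and makes the filter explicit; the subscribe line in `__init__` would then pass the handler instead of `self.collect_keys`. The handler signature below assumes PubSub delivers the message type followed by the published arguments, and that providers passed to `__init__` also end up in `self._KeyProviders`; neither is visible in this diff. The body of `collect_keys` lies outside the hunk.

```python
	def _on_public_key_updated(self, message_type, provider):
		# Rebuild only when the publisher is a key provider registered here.
		if provider in self._KeyProviders:
			self.collect_keys()

	def collect_keys(self):
		# … unchanged: docstring and key collection …
```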
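Review bot: The new `self.App.PubSub.publish("PublicKey.updated!", self)` at the end of `_set_keys` replaces a direct `collect_keys()` call, so whether the auth provider's trusted set is already rebuilt when `_set_keys` returns, and whether a failure in a subscriber reaches the caller, now depends on how `PubSub.publish` delivers, which this diff does not show. That matters most when a key is being withdrawn, since any delay leaves the old key trusted a little longer. I would document the contract at the call site, for example `# Announce the new PublicKeySet; subscribers must re-read keys from their registered providers, not from this payload.`, and state in the `_set_keys` docstring that it publishes this message. The start of `_set_keys` is outside the hunk.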