JSON Web Key JWKS expiry
As per the documentation (https://docs.kinde.com/build/tokens/verifying-json-web-tokens/#json-web-key), to validate JWTs on the back end I am fetching the JWKS from https://<your_subdomain>.kinde.com/.well-known/jwks. This works. However, to avoid having to make an HTTP request for every JWT decode, I am caching the keys. I would like to know how often these keys are rotated?
There is no
cache-control header present in the response, and I can't find anything in the docs to suggest how long I can safely cache these values.
Thanks!4 Replies
Hey! I've asked the team for you couldn't find anything on the docs myself
Hey @rotatingshrew,
JWKS key rotation is on our roadmap but not something we do yet. You are safe to cache these currently.
I have noted your request down for rotating JWKS.
Thanks for that
No worries