rotatingshrew
KKinde
•Created by rotatingshrew on 10/9/2024 in #💻┃support
JSON Web Key JWKS expiry
As per the documentation (https://docs.kinde.com/build/tokens/verifying-json-web-tokens/#json-web-key), to validate JWTs on the back end I am fetching the JWKS from https://<your_subdomain>.kinde.com/.well-known/jwks. This works. However, to avoid having to make an HTTP request for every JWT decode, I am caching the keys. I would like to know how often these keys are rotated?
There is no
cache-control header present in the response, and I can't find anything in the docs to suggest how long I can safely cache these values.
Thanks!5 replies