I am seeing occasional failures when our code attempts to get our .well-known/jwks.json. We are using the JsonWebToken code in the examples here: [https://auth0.com/docs/quickstart/backend/ruby/01-authorization](http://in the Auth0 quickstart documentation here)
Very occasionally, and seemingly randomly, instead of getting the .json file as expected, the response contains an HTML response whose human readable text says:
Looks like something went wrong!
We track errors automatically, but if the problem persists feel free to a mailto:firstname.lastname@example.org contact us. In the meantime, try again.
So I have two questions about this:
- Is our use of the json_web_token.rb strategy, which fetches the jwks.json file for each request we want to authenticate) still the preferred way of validating a JWT token?
- Should we cache the jwks.json file and only update it every once in a while, or to use it as a fallback if the HTTPs GET fails?