Cache Response of JWKS Endpoint in Spring-based Java Application

lihua.zhang · October 17, 2022, 5:15pm

Last Updated: Nov 1, 2024

Overview

Using applications that rely on the Auth0 JWKS endpoint for the JWT token verification experience timeouts on the JWKS endpoint.

Applies To

Java
Timeout
JWKS Endpoint

Solution

The JWKS endpoint needs to be cached to avoid frequent calls to it. Whenever possible, we recommend prefetching the keys instead of waiting for the cache to expire. Prefetching can help avoid intermittent failures during the login flow due to the latency in this endpoint after the cache is invalidated.

For the Spring framework, in particular, you may check this GitHub issue that may help to prefetch the JWKS endpoint.

Also, based on this comment this functionality may be available in nimbus-jose-jwt soon.

Related References

Add option to prefetch jwks before first request, and refresh it in background

Related References

Add option to prefetch jwks before first request, and refresh it in background

Topic		Replies	Views
Occasional 5xx errors from Auth0 JWKS endpoint Help jwt , auth0 , api , jwks	2	2225	October 8, 2022
Feedback on Caching JWKS for JWT Verification in Ruby Help apis , application	2	80	July 15, 2024
How do I properly cache the JWKS? Help jwks , cache , auth0-php	3	5836	October 16, 2020
Is the endpoint to get the JWK for token validation rate limited? Help api , jwks , jwt-validation , key , rsa	2	3221	September 28, 2022
Requests to .well-known/jwks.json randomly timing out Help jwks	2	2984	January 28, 2022

Cache Response of JWKS Endpoint in Spring-based Java Application

Overview

Applies To

Solution

Related References

Related References

Related Topics