Cache Response of JWKS Endpoint in Spring-based Java Application

Last Updated: Nov 1, 2024

Overview

Using applications that rely on the Auth0 JWKS endpoint for the JWT token verification experience timeouts on the JWKS endpoint.

Applies To

  • Java
  • Timeout
  • JWKS Endpoint

Solution

The JWKS endpoint needs to be cached to avoid frequent calls to it. Whenever possible, we recommend prefetching the keys instead of waiting for the cache to expire. Prefetching can help avoid intermittent failures during the login flow due to the latency in this endpoint after the cache is invalidated.

For the Spring framework, in particular, you may check this GitHub issue that may help to prefetch the JWKS endpoint.

Also, based on this comment this functionality may be available in nimbus-jose-jwt soon.

Related References

Related References

1 Like