Cases for changing the /.well-known/jwks.json content

Problem statement

How often is the /.well-known/jwks.json content changed?


The most common case is when you rotate the tenant signing keys. That is explained in the following link.

Some rare cases of rotating the certificates could be:

  • when the certificate is close to expiry. This is expected to happen rarely as the tenant certificates have a long expiry of 10 years.
  • security concern that needs an immediate certificate rotation.