Hi,
we had to regenerate the thumbprint today again for the " *eu.auth0.com" domain as authentication started to fail with certificate issue.
After regenerating the thumbprint using this link (Obtaining the thumbprint for an OpenID Connect Identity Provider - AWS Identity and Access Management) it started working again! We generated our last one several weeks ago, my question is how long this certificate will last and why it is getting invalidated so quickly.
It’s not the news you will want to hear, but at this time the correct response to the question of when can a certificate change is at any time as mentioned at (General Usage and Operations Best Practices).
The reality will of course be a bit more nuanced and there will likely be periods when certificate won’t change for any other reason than their expiration dates, but as mentioned in the link above changes due to other reasons may still happen at any time.
If you can’t in any away avoid the need for pinning a certificate you may need to consider building some automation on your system that tries to compensate for any possible changes.