tyf
July 15, 2024, 5:53pm
Hey @raphael.egeley welcome to the community!
raphael.egeley:
After further reading on how to locate JSON Web Key Sets, I decided to enhance the efficiency of the process by implementing caching. This way, I avoid performing an HTTP request to Auth0 for each token verification.
Great idea! Overall, I think your approach is good. There isn’t a recommended time to cache tokens. The following post expands on caching JWKs and is still useful despite being a few years old.
Hi @benji .
(This response was updated in April 2021 to reflect signing keys rotation and updated guidance on caching).
Auth0 now supports signing key rotation initiated by tenant admins (see Signing Keys for details). A tenant’s JWKS resource will have the current key and the “next” key, so applications can prepare in advance for a key rotation.
The JWKS resource will return the same set of keys most of the time. Applications should cache these resources, but they also need to be prepared to…
1 Like
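A sketch of the caching discussed in this thread, added as an example (it is not code from the posters or from Auth0): keys are indexed by `kid`, refreshed after a TTL, and refetched early when a token names a `kid` that is not cached. The early refetch with a cooldown is a common pattern assumed here rather than something stated in the thread, and `JwksCache`, `fetch`, `ttl` and `min_refetch_interval` are hypothetical names; `fetch` stands in for the HTTP request to the tenant's JWKS URL.

```python
import time


class JwksCache:
    """Cache a JWKS document, indexed by key ID (kid)."""

    def __init__(self, fetch, ttl=3600.0, min_refetch_interval=60.0,
                 clock=time.monotonic):
        self._fetch = fetch                # callable returning the parsed JWKS dict
        self._ttl = ttl                    # seconds before a routine refresh
        self._cooldown = min_refetch_interval
        self._clock = clock
        self._keys = {}
        self._fetched_at = None
        self.fetch_count = 0               # exposed so the behaviour is observable

    def _refresh(self, now):
        jwks = self._fetch()
        # Keys without a kid cannot be matched to a token header, so skip them.
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._fetched_at = now
        self.fetch_count += 1

    def get_key(self, kid):
        """Return the JWK for kid, or None if the tenant does not publish it."""
        now = self._clock()
        age = None if self._fetched_at is None else now - self._fetched_at
        if age is None or age >= self._ttl:
            self._refresh(now)             # first use or routine expiry
        elif kid not in self._keys and age >= self._cooldown:
            # Unknown kid: possibly a key published after the last fetch.
            # The cooldown caps how often tokens with made-up kids can
            # trigger an outbound request.
            self._refresh(now)
        return self._keys.get(kid)


if __name__ == "__main__":
    # Constructed JWKS with a current and a "next" key (key material omitted).
    published = {"keys": [{"kid": "current-key", "kty": "RSA"},
                          {"kid": "next-key", "kty": "RSA"}]}
    cache = JwksCache(lambda: published)
    for kid in ("current-key", "next-key", "unknown-key"):
        print(kid, "->", cache.get_key(kid))
    print("fetches:", cache.fetch_count)
```

A token whose `kid` is still missing after the refetch should be rejected, not verified against some other cached key.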