Is it safe to hard code https://AUTH0_DOMAIN/.well-known/jwks.json contents on my backend

My frontend app makes a lot of backend calls, so if I could avoid a jump to https://AUTH0_DOMAIN/.well-known/ on every call it would be great.

Is it safe to simply hard code it’s contents on my backend?

Hey there @dudumonteiro!

It is safe to store the JWKS on your backend as they are public keys - Just keep in mind that using the JWKS uri (https://YOUR_DOMAIN/.well-known/jwks.json) simplifies key management, especially if signing key rotation is involved.

Hope this helps!