Hello, I have a backend service that needs to validate tokens. I read this guide and it mentions that I should hit the endpoint: https://your-tenant.auth0.com/.well-known/jwks.json in order to retrieve the public key. What the article didn’t mention though was whether the endpoint is subject to r…

Hey there @a.saad welcome to the community! [image] a.saad: in order to retrieve the public key. What the article didn’t mention though was whether the endpoint is subject to rate limits or not. So if I have a medium-sized application, ~30K active users, will it be ok to get the JWK from the e…

Is the endpoint to get the JWK for token validation rate limited?

Help

tyf September 28, 2022, 6:08pm 3

Hey there @a.saad welcome to the community!

The /jwks endpoint is indeed subject to rate limits, so you’ll definitely want to implement some sort of caching. It really depends on your application needs and whether or not you have signing key rotation enabled (you should ) You can see how Auth0 goes about this in our node-jwks-rsa library. The following resources should be of help as well:

Hope this helps!

Topic		Replies	Views
Caching JWKS signing key JWT.io jwks	5	23716	September 4, 2019
JKS Validity period Help	4	2473	March 25, 2021
Will public key from JWKS go invalid Help jwks , jwt-validation , python	4	6284	August 19, 2019
JWKS Endpoint requests issue Help api , login	8	5302	December 29, 2020
Occasional 5xx errors from Auth0 JWKS endpoint Help jwt , auth0 , api , jwks	2	2226	October 8, 2022

Is the endpoint to get the JWK for token validation rate limited?

Related Topics