JWKS problem if Auth service offline at the wrong time

The FusionAuth service was not reachable for a few minutes.

Theoretically this should only affect new logins as Access Tokens should still be verifiable because the Keys are cached.

→ we even have this caching in place so we can easily modify the FusionAuth instance and everything should continue as usual.

This time it did not.

Problem with caching / rate limiting

First: We must cache the keys as the overhead of always just fetching the keys even though they only change yearly would be undesirable.

Second: With the current setup there seems to be the problem that also invalid results are stored in the cache and then not refetched.

→ this then caused all requests to return an unauthenticated message as the corresponding key could not be found.
And we then use jwks-rsa (npm).
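The failure mode described in this post (a failed fetch ending up in the cache and never being refetched) can be avoided by caching only successful JWKS responses and rate-limiting retries. The sketch below is an added example, not part of the original post and not jwks-rsa's code; `JwksCache`, `fetchJwks`, `demoOutage` and the timing values are hypothetical names and assumptions, and the key data is constructed.

```javascript
// Added example: JWKS cache that keeps the last known-good keys and never stores failures.
class JwksCache {
  // fetchJwks: async () => ({ keys: [{ kid, ... }] }); it throws when the auth service is down.
  constructor(fetchJwks, { maxAgeMs = 600000, minRefetchMs = 30000, now = Date.now } = {}) {
    Object.assign(this, { fetchJwks, maxAgeMs, minRefetchMs, now });
    this.keys = new Map();         // kid -> JWK, last known-good set only
    this.fetchedAt = -Infinity;    // time of the last successful fetch
    this.lastAttempt = -Infinity;  // time of the last attempt, successful or not
  }

  async refresh() {
    this.lastAttempt = this.now();
    try {
      const { keys } = await this.fetchJwks();
      if (!Array.isArray(keys) || keys.length === 0) throw new Error('empty JWKS');
      this.keys = new Map(keys.map((k) => [k.kid, k]));
      this.fetchedAt = this.lastAttempt;
      return true;
    } catch (err) {
      return false;                // failure: keep the stale keys, cache nothing
    }
  }

  async getKey(kid) {
    const t = this.now();
    const stale = t - this.fetchedAt > this.maxAgeMs;
    const mayFetch = t - this.lastAttempt >= this.minRefetchMs;
    // Refetch when the set is old or the kid is unknown, but rate-limit the attempts.
    if ((stale || !this.keys.has(kid)) && mayFetch) await this.refresh();
    const key = this.keys.get(kid);
    if (!key) throw new Error(`signing key ${kid} not found`);
    return key;
  }
}

// Constructed scenario: key fetched once, then the auth service goes offline past maxAge.
async function demoOutage() {
  let online = true, clock = 0, fetches = 0;
  const fetchJwks = async () => {
    fetches += 1;
    if (!online) throw new Error('ECONNREFUSED');
    return { keys: [{ kid: 'key-1', kty: 'RSA' }] };
  };
  const cache = new JwksCache(fetchJwks, { now: () => clock });
  await cache.getKey('key-1');                // warm the cache
  online = false; clock = 700000;             // outage; the cached set is now stale
  const duringOutage = await cache.getKey('key-1');
  return { kid: duringOutage.kid, fetches };  // stale key still served after a failed refetch
}
```

A miss while the service is down only delays the next attempt by `minRefetchMs`; the lookup succeeds again as soon as a later fetch returns keys.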

Hey there!

I’m not entirely sure if this is related to the Auth0 stack