Jwks-rsa Error "JsonWebTokenError: error in secret or public key callback: socket hang up"

Last Updated: Sep 16, 2024

Overview

The below error has been encountered intermittently when accessing https://TENANT_DOMAIN/.well-known/jwks.json.

JsonWebTokenError: error in secret or public key callback: socket hang up

This error also happens across other tenants.

This article details what is causing this error and how to solve it.

Applies To

  • jwks-rsa library

Cause

For Node JS-base, the error occurs when an ECONNRESET is thrown. This is because the server closed the socket before the client did (TCP level), usually because the client is reusing sockets to make requests and, unfortunately, times the request with the socket closing.

Solution

Caching should be used to solve this issue.

This should reduce the chance a socket is reused by reducing the number of requests being made in general - signing keys should only change when a tenant admin rotates them or in the unlikely event that Auth0 has to rotate a compromised private key and notify the impacted customer.
Thus, the keys can be cached for long periods. If there is an error, the jwks.json endpoint can be called to check that the cache has been updated.

Related References

1 Like