We have a backend with code similar to the Python quickstart for Auth0 that fetches the JWKS from
"https://"+AUTH0_DOMAIN+"/.well-known/jwks.json". Last week, we were seeing ephemeral errors when hitting this endpoint, including:
- HTTP 500 (internal server error)
- HTTP 503 (service temporarily unavailable)
- An SSL handshake failure
Should we be worried about this? Was there some sort of Auth0 outage last week? Or do we need to build our code to be tolerant of this API endpoint being flaky?
We’ve started caching the JWKS (mostly to improve latency, to avoid having to fetch the JWKS for every request), and incidentally, we haven’t seen 5xx errors from this API endpoint since then, but I’m not sure if that’s just because we’re making fewer requests overall, and whether we’re going to run into the same issue, just after a longer period of time.