We have a backend with code similar to the Python quickstart for Auth0 that fetches the JWKS from "https://"+AUTH0_DOMAIN+"/.well-known/jwks.json". Last week, we were seeing ephemeral errors when hitting this endpoint, including:
HTTP 500 (internal server error)
HTTP 503 (service temporarily unavailable)
An SSL handshake failure
Should we be worried about this? Was there some sort of Auth0 outage last week? Or do we need to build our code to be tolerant of this API endpoint being flaky?
We’ve started caching the JWKS (mostly to improve latency, to avoid having to fetch the JWKS for every request), and incidentally, we haven’t seen 5xx errors from this API endpoint since then, but I’m not sure if that’s just because we’re making fewer requests overall, and whether we’re going to run into the same issue, just after a longer period of time.
Apologize for the delayed response but wanted to get to this one.
I just did a bit of digging and am not seeing any outage around the time mentioned so I unfortunately don’t have an answer there.
I’m wondering if you were running into rate limits. Regardless, I’m happy to hear you’re no longer experiencing this after caching, which is the recommend approach. You can see in following code we default to 10 minutes in our auth0-Python: