Receiving 401 Errors on Requests to /.well-known/openid-configuration and /.well-known/jwks.json endpoints

Problem statement

When requests are made to the /.well-known/openid-configuration and /.well-known/jwks.json endpoints, 401 errors are frequently observed. AWS API Gateway is used.

It seems similar to this issue reported in the Auth0 Community: Intermittent “OIDC discovery endpoint communication error” when using JWT Authorizer with AWS HTTP API.

Cause

This is a known issue that can be caused by a combination of factors: intermittent network issues that result in slow cache responses on our Network Edge, combined with an apparent hard timeout of 1500 milliseconds that AWS imposes on these kinds of requests. See Amazon API Gateway quotas and important notes.
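To check how often the two endpoints exceed that 1500 ms limit, the following added example (not part of the original article, and not Auth0 or AWS tooling) fetches the discovery document and the jwks_uri it advertises, then reports the share of requests that missed the budget. The function names and the issuer URL argument are assumptions, and a probe run from your own host only approximates the network path API Gateway uses.

```python
# Added example: function names and the issuer argument are illustrative.
import json
import sys
import time
import urllib.request

BUDGET_S = 1.5  # the 1500 ms limit the article attributes to AWS


def probe(url, opener=urllib.request.urlopen, clock=time.monotonic):
    """Fetch url once; report latency and whether it fit the budget."""
    start = clock()
    body, error = None, None
    try:
        with opener(url, timeout=BUDGET_S) as resp:
            body = resp.read()
    except OSError as exc:  # URLError and socket timeouts are OSError subclasses
        error = repr(exc)
    elapsed = clock() - start
    # urlopen's timeout is per socket operation, so also check total time.
    within = error is None and elapsed <= BUDGET_S
    return {"url": url, "ms": round(elapsed * 1000), "within_budget": within,
            "error": error, "body": body}


def check_issuer(issuer, opener=urllib.request.urlopen, clock=time.monotonic):
    """Probe the discovery document, then the jwks_uri it advertises."""
    disco = probe(issuer.rstrip("/") + "/.well-known/openid-configuration",
                  opener, clock)
    results = [disco]
    if disco["body"] is not None:
        jwks_uri = json.loads(disco["body"])["jwks_uri"]
        results.append(probe(jwks_uri, opener, clock))
    return results


def summarize(runs):
    """Fraction of probes per URL that missed the budget."""
    stats = {}
    for r in (r for run in runs for r in run):
        total, missed = stats.get(r["url"], (0, 0))
        stats[r["url"]] = (total + 1, missed + (not r["within_budget"]))
    return {url: missed / total for url, (total, missed) in stats.items()}


if __name__ == "__main__":
    runs = [check_issuer(sys.argv[1]) for _ in range(20)]  # issuer URL from argv
    for url, rate in summarize(runs).items():
        print(f"{rate:6.1%} over budget  {url}")
```

Run it with the issuer URL as the only argument, ideally from a host in the same AWS region as the API so the measured latency is closer to what the authorizer sees.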

Solution

The following are some solutions to minimize these errors.