Thanks @art.rosnovsky, One more thing, if there is no regular rotation of signing keys then why there is max-age=15 directive in the Cache_Control header in the response from the jwk_url?
I am trying to automate the process of refreshing keys by parsing the max-age directive and it gives a wrong interpretation in case of Auth0.
Can someone tell me what does that mean?