Hello Okta Support,
We are intermittently encountering the following error while using Okta Verify with ID token validation in our backend service:
VerifierIssue: error sending request for url (https://xxxxxx.okta.com/oauth2/default/v1/keys)
Caused by:
0: client error (Connect)
1: dns error: failed to lookup address information: Name or service not known
2: failed to lookup address information: Name or service not known
This issue doesn’t occur consistently — most of the time the request to fetch the JWKS from the endpoint works correctly, but occasionally it fails with the above DNS resolution error.
Additional context:
- We are using the id_token from Okta and verifying it on our backend.
- The endpoint being hit is https://xxxxx.okta.com/oauth2/default/v1/keys.
- Our DNS and internet connectivity appear to be stable at the time of the error.
- The request is sent using a Rust-based backend service, which uses standard libraries for HTTP and DNS resolution.
Questions:
- Is there any known intermittent issue or maintenance affecting the *.okta.com DNS resolution?
- Is there a more stable or recommended way to cache the keys from the JWKS endpoint to reduce the frequency of such lookups?
- Are there recommended timeout and retry configurations for this endpoint?
Looking forward to your guidance on resolving or mitigating this issue.
Thank you.
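
One way to approach the caching and retry questions above, as an added example that is not part of the original post and not Okta's guidance: a std-only Rust cache that serves the JWKS from memory within a TTL, retries failed fetches with backoff, and falls back to the last good key set for a bounded time. `JwksCache`, `Source`, the injected `fetch` closure (standing in for the real HTTPS request) and all durations are assumptions chosen for illustration.

```rust
use std::time::{Duration, Instant};
#[derive(Debug, PartialEq)]
pub enum Source { Fresh, Cached, Stale } // where the returned key set came from
/// Hypothetical JWKS cache; `fetch` stands in for the HTTPS GET of the keys endpoint.
pub struct JwksCache<F: FnMut() -> Result<String, String>> {
    fetch: F,
    ttl: Duration,       // serve cached keys without any network or DNS lookup
    max_stale: Duration, // hard cap on serving old keys while refresh keeps failing
    retries: u32,        // extra attempts after the first failed fetch
    backoff: Duration,   // base delay, doubled after each failed attempt
    entry: Option<(String, Instant)>,
}
impl<F: FnMut() -> Result<String, String>> JwksCache<F> {
    pub fn new(fetch: F, ttl: Duration, max_stale: Duration, retries: u32, backoff: Duration) -> Self {
        Self { fetch, ttl, max_stale, retries, backoff, entry: None }
    }
    /// `now` is a parameter so the expiry logic is deterministic to test.
    pub fn get(&mut self, now: Instant) -> Result<(String, Source), String> {
        if let Some((body, at)) = &self.entry {
            if now.duration_since(*at) < self.ttl {
                return Ok((body.clone(), Source::Cached));
            }
        }
        let mut last_err = String::new();
        for attempt in 0..=self.retries {
            match (self.fetch)() {
                Ok(body) => {
                    self.entry = Some((body.clone(), now));
                    return Ok((body, Source::Fresh));
                }
                Err(e) => last_err = e,
            }
            if attempt < self.retries {
                std::thread::sleep(self.backoff * 2u32.pow(attempt));
            }
        }
        // Refresh failed: fall back to the old key set, but only inside max_stale,
        // so a rotated or revoked signing key is not trusted indefinitely.
        match &self.entry {
            Some((body, at)) if now.duration_since(*at) < self.max_stale => Ok((body.clone(), Source::Stale)),
            _ => Err(format!("JWKS unavailable, no usable cached copy: {}", last_err)),
        }
    }
}

fn main() { // constructed fetcher that always fails like the DNS error in the post
    let fetch = || Err::<String, String>("dns error: Name or service not known".into());
    let mut c = JwksCache::new(fetch, Duration::from_secs(300), Duration::from_secs(3600), 1, Duration::from_millis(50));
    println!("{:?}", c.get(Instant::now()));
}
```

Logging every `Source::Stale` result makes it visible how often token verification is running on old keys.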