JWKS expiration using cache-control

TomAtHulu · September 9, 2019, 4:45pm

Last week I was using the response header ‘cache-control’ with ‘max-age’ value to determine the expiration of keys returned via ‘/oauth2/default/v1/keys’.
On Friday the response header changed on both production and oktapreview sites.
The return header ‘cache-control’ now contains ‘cache-control: no-cache, no-store’.

Has this changed? If not, is this a bug? If so, how would I now determine when the keys expire?

TomAtHulu · September 9, 2019, 5:01pm

This seems to have resolved itself today. Both production and preview sites are working again.

TomAtHulu · September 11, 2019, 6:29pm

I had a call with Okta support today and it was suggested that I leave this as a ‘still unresolved’ post.
Reason is that it really wasn’t resolved … it merely went away. So if anyone else has experienced this,
please comment.