Last week I was using the response header ‘cache-control’ with ‘max-age’ value to determine the expiration of keys returned via ‘/oauth2/default/v1/keys’.
On Friday the response header changed on both production and oktapreview sites.
The return header ‘cache-control’ now contains ‘cache-control: no-cache, no-store’.
Has this changed? If not, is this a bug? If so, how would I now determine when the keys expire?