JWKS rotation frequency

Hi,

From the Okta doc, the JWKS key rotation is 4 times a year except for emergency rotation. If my app fetches every 5 minutes, it would seem to be plenty? Should I reduce the frequency? For new apps, can I start without caching the keys and add it later if there is a slowdown?

Thank you.

Hi @libra04ts,

Every 5 minutes is quite frequent. Best practice is to

  1. cache the key and update it periodically, say once a day (or even less frequently).
  2. Use the nextRotation data to preempt when to update the cache.
  3. Have logic to fetch the new JWKs to handle when JWT validation fails due to an expired or rotated key.

Ref:

3 Likes
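The caching approach from the answer above, sketched as an added example (not part of the thread and not Okta's code): keys are cached by `kid`, refreshed once a day, and refetched on an unknown `kid`, with a cooldown so tokens carrying made-up `kid` values cannot force a fetch on every request. `JwksCache`, `fetch`, `miss_cooldown` and the sample key IDs are assumptions; signature verification itself is left to a JWT library.

```python
import time

class JwksCache:
    """Caches signing keys by kid; refetches on TTL expiry or unknown kid."""

    def __init__(self, fetch, ttl=24 * 3600, miss_cooldown=300, clock=time.monotonic):
        self._fetch = fetch                  # hypothetical callable returning a JWKS dict
        self._ttl = ttl                      # routine refresh: once a day
        self._miss_cooldown = miss_cooldown  # min seconds between miss-triggered fetches
        self._clock = clock
        self._keys = {}
        self._fetched_at = None
        self.fetch_count = 0

    def _refresh(self):
        jwks = self._fetch()
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._fetched_at = self._clock()
        self.fetch_count += 1

    def get_key(self, kid):
        now = self._clock()
        if self._fetched_at is None or now - self._fetched_at >= self._ttl:
            self._refresh()
        elif kid not in self._keys and now - self._fetched_at >= self._miss_cooldown:
            # Unknown kid may mean a rotation: refetch, at most once per cooldown.
            self._refresh()
        return self._keys.get(kid)  # None means reject the token

def demo():
    # Constructed sample data: a fake clock and a fake JWKS endpoint.
    now = [0.0]
    served = [{"keys": [{"kid": "key-A", "kty": "RSA"}]}]
    cache = JwksCache(lambda: served[0], clock=lambda: now[0])
    out = [cache.get_key("key-A")["kid"]]                    # first use: fetch 1
    now[0] = 60
    out.append(cache.get_key("bogus-kid"))                   # inside cooldown: no fetch
    served[0] = {"keys": [{"kid": "key-B", "kty": "RSA"}]}   # provider rotates
    now[0] = 400
    out.append(cache.get_key("key-B")["kid"])                # miss after cooldown: fetch 2
    now[0] = 401
    out.append(cache.get_key("key-A"))                       # old key gone, no refetch
    now[0] = 400 + 24 * 3600
    out.append(cache.get_key("key-B")["kid"])                # TTL expired: fetch 3
    return out, cache.fetch_count

if __name__ == "__main__":
    print(demo())
```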

Hi @dawoudt, thanks very much for the suggestions. This helps. Appreciate it.

1 Like