JWKS rotation frequency

libra04ts · April 28, 2023, 1:09am

Hi,

From Okta doc, the JWKS keys rotation is 4 times a year except emergency rotation. If my app fetches every 5 mintues, it would seem to be pretty plenty? should I reduce the frequency? For new apps, can I start without caching of the keys and add it later if there is a slowdown?

List item

Thank you.

dawoudt · April 28, 2023, 5:33am

Hi @libra04ts,

Every 5 minutes is quite frequent. Best practice is to

cache the key and update it periodically, say once a day (or even less frequently).
Use the nextRotation data to preempt when to update the cache.
Having logic fetch new the JWKs to handle when JWT validation fails due to an expired or rotated key.

Ref:

libra04ts · April 28, 2023, 7:45am

Hi @dawoudt , Thanks very much for the suggestions. This helps. Appreciated it.

system · April 29, 2023, 7:45am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.