JwtVerifierBuilder - Local or Remote

php
#1

Does the JwtVerifierBuilder do a local or remote verification?
I am using the PHP flavor : https://github.com/okta/okta-jwt-verifier-php

Thanks!

#2

It does local verification with a key that is retrieved remotely.

#3

Thanks Tom,

After the local verify function that you outlined I also am calling introspect remotely to okta servers. Might be overkill or pointless but I always err on the side of security.

I am also calling introspect every 5-10 minutes on a users session to make sure the token has not been revoked.

#4

Hello guys,

We use this library in our microservice to validate the user is allowed to use them.
But each time we call this function verify() it takes about 1s to get a reply.

Is it possible to cache the key for at least one hour ? Is there something available inside the library ?
From the documentation, i saw this key can be amended about 4 times a year by okta.

Any documentation link would be helpful to add cache or to avoid to call the okta remote server each time.

Thanks a lot,
Alex