While testing behaviour I noticed that Cache-Control headers were not respected and signing keys served with a no-cache directive were still cached. This might be a problem, as Okta rotates signing keys every 90 days and caching them forever will cause authentication errors.
Hello, @Valdas
Steps to address the Cache-Control headers issue:

1. Custom HttpClient for token validation: you can configure a custom HttpClient to handle the caching behavior more precisely. This allows you to set the Cache-Control headers explicitly.

2. Manual cache invalidation: implement a mechanism to manually invalidate the cached signing keys periodically, ensuring they are refreshed before Okta rotates them.

3. Check Okta SDK updates: ensure you are using the latest version of the Okta.AspNetCore package, as there might be updates or fixes related to this issue.

4. Custom token validation logic: as a last resort, you can implement custom token validation logic to handle the caching behavior according to your requirements.
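The two approaches the reply suggests (a custom HttpClient for metadata retrieval and periodic/forced invalidation of the cached signing keys) can be combined by giving the JwtBearer handler its own ConfigurationManager. The following is an added example, not code from Okta.AspNetCore or from the thread; it uses the Microsoft.IdentityModel.Protocols types that the JwtBearer handler already relies on. It assumes that Okta.AspNetCore registers its API handler under the standard "Bearer" scheme (JwtBearerDefaults.AuthenticationScheme) so that PostConfigure reaches the right options instance; the helper name AddBoundedSigningKeyCache and the oktaDomain / authorizationServerId parameters are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical extension class, not part of Okta.AspNetCore.
public static class OktaKeyRefreshExtensions
{
    public static IServiceCollection AddBoundedSigningKeyCache(
        this IServiceCollection services,
        string oktaDomain,                       // e.g. https://{yourOktaDomain} (placeholder)
        string authorizationServerId = "default")
    {
        // Discovery document of the Okta custom authorization server; the JWKS URI is read from it.
        var metadataAddress =
            $"{oktaDomain.TrimEnd('/')}/oauth2/{authorizationServerId}/.well-known/openid-configuration";

        // Dedicated HttpClient for metadata/JWKS fetches. HttpClient does not cache responses itself;
        // the caching that matters is done by ConfigurationManager below, on a fixed schedule rather
        // than from Cache-Control headers, so the refresh intervals are what bound key staleness.
        var httpClient = new HttpClient();
        var documentRetriever = new HttpDocumentRetriever(httpClient) { RequireHttps = true };

        var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            metadataAddress,
            new OpenIdConnectConfigurationRetriever(),
            documentRetriever)
        {
            // Re-fetch metadata and keys at least this often, regardless of response headers.
            AutomaticRefreshInterval = TimeSpan.FromHours(12),
            // Minimum spacing between forced refreshes (RequestRefresh), to avoid hammering Okta
            // if many tokens with an unknown "kid" arrive at once.
            RefreshInterval = TimeSpan.FromMinutes(5),
        };

        // Assumption: the Okta API handler is registered under the "Bearer" scheme.
        services.PostConfigure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            options.ConfigurationManager = configurationManager;
            options.Events ??= new JwtBearerEvents();

            // Preserve any handler the application already installed.
            var existingHandler = options.Events.OnAuthenticationFailed;
            options.Events.OnAuthenticationFailed = async context =>
            {
                if (existingHandler != null)
                {
                    await existingHandler(context);
                }

                // A signature key that is not in the cached JWKS is the symptom of a rotation that
                // happened after the last fetch: ask for a fresh document on the next request.
                if (context.Exception is SecurityTokenSignatureKeyNotFoundException)
                {
                    configurationManager.RequestRefresh();
                }
            };
        });

        return services;
    }
}
```

Call it after the Okta registration (for example `services.AddAuthentication(...).AddOktaWebApi(...); services.AddBoundedSigningKeyCache("https://{yourOktaDomain}");`). Two points worth knowing when tuning this: RequestRefresh only marks the cache stale, so a forced refresh is rate-limited by RefreshInterval and the failing request itself is still rejected, and recent versions of the JwtBearer handler already call RequestRefresh on a SecurityTokenSignatureKeyNotFoundException, in which case the event hook is redundant but harmless.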