Hi all, I’m new to Okta and looking for some guidance. According to this doc, it seems Okta supports both local and remote verification methods. With RS256 public key i can verify the token, which is cool. But to check against revocations, i will need to call introspection url which is the remote method.
In a Microservices-backed high throughput system, is there a best practice to around using this remote method? Despite the network latency, Is okta able to handle if we do this for every API request?
or are we supposed to use a hybrid method where we only do remote introspection periodically while having the public key based local verification as the default option?
appreciate some guidance. thank you.