As per the documentation (https://docs.kinde.com/build/tokens/verifying-json-web-tokens/#json-web-key), to validate JWTs on the back end I am fetching the JWKS from https://<your_subdomain>.kinde.com/.well-known/jwks. This works. However, to avoid having to make an HTTP request for every JWT decode, I am caching the keys. I would like to know how often these keys are rotated?
There is no cache-control header present in the response, and I can't find anything in the docs to suggest how long I can safely cache these values.
Hey @rotatingshrew, JWKS key rotation is on our roadmap but not something we do yet. You are safe to cache these currently. I have noted your request down for rotating JWKS.
