Kinde, 6mo ago
Danuel

Can I rotate JWKS?

I couldn't find any hint about it. I want to make sure that there is no need to implement JWKS Rotation in the project I am working on.
6 Replies
Oli - Kinde, 6mo ago
Hi @Danuel, Hi there! You're correct, there's no need for you to implement JWKS Rotation in your project. Kinde handles this for you. When using Kinde's libraries or SDKs, the JWKS rotation is managed automatically. If you're not using one of Kinde's SDKs, you can use a library to verify your token. The OpenID Foundation has a list of libraries for working with JWT tokens that you can use. Remember, the library you decide to use will likely require the URL for your public JSON Web Key (also known as a jwks file). The file can be found at https://<your_subdomain>.kinde.com/.well-known/jwks. I hope this helps! Let me know if you have any other questions.
Danuel, 6mo ago
Hi @Oli - Kinde! Hi there! First, thanks for your answer. And, I realized that there was a lot of context that I hadn't written down. I'm working with Rust, so I can't get Kinde SDK help at the moment.
- The list of libraries on the OpenID Foundation has no Rust options.
- In Rust jsonwebkey (https://docs.rs/jsonwebkey/latest/jsonwebkey/), there is no rotation support.

So I want to check if I need to implement it myself.
Oli - Kinde, 6mo ago
Hey @Danuel, You are right, there is currently no out-of-the-box Kinde Rust SDK. But you can use Rust with Kinde using the following doc: https://kinde.com/docs/developer-tools/using-kinde-without-an-sdk/
Danuel, 6mo ago
Yeah, thank you. I can see it. Can I cache the jwks file forever? Or do I need to implement rotation by referring to another language library?
Oli - Kinde, 6mo ago
Hi there! While you can cache the JWKS file, it's important to note that the keys it contains can occasionally change. Kinde automatically rotates and revokes keys as necessary. If you cache the JWKS file and don't update it, you might end up with outdated keys, which could lead to verification failures when you try to verify JWTs. So, if you decide to cache the JWKS file, make sure to implement a mechanism to update the cache periodically or when you encounter a JWT that can't be verified with the currently cached keys. Let me know if you have any other questions!
Danuel, 6mo ago
Thanks for your answer! I understand it clearly!
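
The cache-update mechanism Oli describes above (refresh periodically, or when a token's key is not in the cache), as an added std-only Rust example that is not part of the thread or Kinde's own code. The `fetch` callback, the `JwksCache` type and the string key material are hypothetical stand-ins for a real HTTP fetch and parsed public keys; the `min_interval` floor is an added assumption so that tokens carrying unknown `kid` values cannot force a fetch on every request.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

type Keys = HashMap<String, String>; // kid -> key material (opaque string here)

/// JWKS cache. `fetch` is a hypothetical callback that downloads and parses
/// the JWKS document; the clock is passed in so the logic is testable.
pub struct JwksCache<F: FnMut() -> Result<Keys, String>> {
    fetch: F,
    keys: Keys,
    last_ok: Option<Instant>,  // last successful fetch
    last_try: Option<Instant>, // last attempt, successful or not
    max_age: Duration,         // periodic refresh interval
    min_interval: Duration,    // floor between any two fetch attempts
}

impl<F: FnMut() -> Result<Keys, String>> JwksCache<F> {
    pub fn new(fetch: F, max_age: Duration, min_interval: Duration) -> Self {
        Self { fetch, keys: Keys::new(), last_ok: None, last_try: None, max_age, min_interval }
    }

    /// Key for `kid`, refetching when the cache is stale or the kid is unknown.
    pub fn key_for(&mut self, kid: &str, now: Instant) -> Option<String> {
        let older = |t: Option<Instant>, d: Duration| t.map_or(true, |t| now.duration_since(t) >= d);
        let stale = older(self.last_ok, self.max_age);
        let unknown = !self.keys.contains_key(kid);
        // The kid comes from an unverified token header, so unknown kids must
        // not be able to force a fetch more often than `min_interval`.
        if (stale || unknown) && older(self.last_try, self.min_interval) {
            self.last_try = Some(now);
            if let Ok(fresh) = (self.fetch)() {
                self.keys = fresh; // replace wholesale so revoked keys drop out
                self.last_ok = Some(now);
            } // on error the previous keys stay in use until the next attempt
        }
        self.keys.get(kid).cloned()
    }
}

fn main() {
    // Constructed sample data: a fetcher that always returns one key.
    let fetch = || -> Result<Keys, String> { Ok(Keys::from([("kid-1".to_string(), "pem-1".to_string())])) };
    let mut cache = JwksCache::new(fetch, Duration::from_secs(3600), Duration::from_secs(60));
    println!("{:?}", cache.key_for("kid-1", Instant::now()));
}
```

A `None` result means the token should be rejected; the caller then verifies the signature with the returned key as usual.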