Error getting public JWKS files

silver · March 21, 2025, 9:34am

Hi, apparently we had a login outage because when getting the known keys (“https://authjs.web3auth.io/jwks” and “https://api-auth.web3auth.io/jwks”) it failed (not sure what exactly was the error response - was it timeout, 404, 500 or anything else).

So my question is, can it happen that these endpoints go down - should we assume that? Should we cache the JWKS on our side (to avoid that request) or do you rotate the keys sometimes?

yashovardhan · March 25, 2025, 8:09am

Hello @silver,

We do rotate the keys periodically, hence the recommendation is to use this endpoint directly. I am unaware of this JWKS outage, however we will investigate it internally. Furthermore, as I understand that JWKS is related to the server-side verification function and should not directly affect logins.