Hi, apparently we had a login outage because when getting the known keys (“https://authjs.web3auth.io/jwks” and “https://api-auth.web3auth.io/jwks”) it failed (not sure what exactly was the error response - was it timeout, 404, 500 or anything else).
So my question is, can it happen that these endpoints go down - should we assume that? Should we cache the JWKS on our side (to avoid that request) or do you rotate the keys sometimes?
Hey there! Thanks for sharing these details. Generally, those JWKS endpoints shouldn’t go down, but keys can be rotated occasionally, so we recommend caching them for a reasonable duration (e.g., a few hours or until an error occurs) instead of relying on every request. That way, if there are any transient issues or network hiccups, your login flow won’t break.
If you’re verifying tokens with Web3Auth, you can find more info on verifying JWKS in our docs:
• 404 Page Not Found | Documentation | Web3Auth
Let me know if there’s anything else you need! A member of our support team will keep an eye on this.
Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours
Hello @silver,
We do rotate the keys periodically, hence the recommendation is to use this endpoint directly. I am unaware of this JWKS outage, however we will investigate it internally. Furthermore, as I understand that JWKS is related to the server-side verification function and should not directly affect logins.