AWS Cognito keys rotation frequency


I am using Cognito JWKS URI https://cognito-idp.<Region><userPoolId>/.well-known/jwks.json to get public keys. In this service, it is a simple passthrough of the data from this URL to the client.

I want to add a cache there. In the documentation, it is stated that keys are sometimes rotated but I cannot find any information on how often this happens.

Is there any more conclusive information on how often these keys are rotated?

已提問 1 年前檢視次數 783 次
1 個回答

I don't think that is documented anywhere. We used Cognito for years and can't remember them ever being rotated. I would say it's safe to cache for at least 24hours or even more. But it's very hard to say.

profile picture
已回答 1 年前

您尚未登入。 登入 去張貼答案。

