JWKS Keys not found #7961
-
Hi! I am also experiencing the same and I have also tried modifying the cookie duration in .NET and the PrivateKeyLifetime in Zitadel, but the issue still reproduces. As you have noticed, I have created an issue describing the behavior and also wrote on Zitadel's Discord channels, but I did not receive any solution or recommendations on what to do so far. Another problem I had with it is that I could not simulate the behavior and debug it locally. How did you refresh the JWKS cache?
-
@livio-a @muhlemmer can you help here?
-
@sevensolutions your feedback is similar to what we've already received on key management. This thread explains the current problems we see with the keys and the proposed solution: #7464. This is the enhancement issue for implementation: #7809
-
Hi,
does anyone else have some problems using ZITADEL with .NET?
I configured it using the standard .AddOpenIdConnect() method and everything is working fine after starting the app.
But after a few hours I can't log in anymore, because it can't verify my token anymore, because it looks like ZITADEL has rotated the JWKS.
The default cache duration in .NET is 12h and I thought: Well, there is a configuration in ZITADEL which says "PrivateKeyLifetime" is 6h.
So I changed this to 24h but this also doesn't work. It looks like the keys are still rotated within 12h.
It sounds like a bug to me, or is there anything I'm missing in the configuration?
As soon as I refresh the JWKS cache or restart the app, it's immediately working again.
It looks like ZITADEL is rotating the key and immediately using the new keys to sign the tokens. Shouldn't there be a delay so that the apps can update their caches?
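As an added illustration of the caching problem described in the post above (not code from the thread, from ZITADEL or from .NET): a verifier-side JWKS cache modeled in Python that refreshes on a TTL and also refetches once when a token names an unknown `kid`, with a cooldown so bogus `kid` values cannot trigger a fetch per request. The class, the `simulate` scenario, the key ids and the 30-second cooldown are constructed for this example; the `fetch` callable stands in for the HTTP request to the JWKS endpoint, and signature verification is left out.

```python
import time


class JwksCache:
    """Verifier-side key cache: TTL refresh plus rate-limited refresh on unknown kid."""

    def __init__(self, fetch, ttl=12 * 3600, min_refresh_gap=30, clock=time.monotonic):
        self.fetch = fetch                      # returns {kid: key}; stands in for the JWKS GET
        self.ttl = ttl                          # scheduled refresh interval, seconds
        self.min_refresh_gap = min_refresh_gap  # cooldown between forced refreshes (assumed value)
        self.clock = clock
        self.keys = {}
        self.fetched_at = None
        self.fetch_count = 0

    def _refresh(self):
        self.keys = dict(self.fetch())
        self.fetched_at = self.clock()
        self.fetch_count += 1

    def key_for(self, kid, refresh_on_miss=True):
        now = self.clock()
        if self.fetched_at is None or now - self.fetched_at >= self.ttl:
            self._refresh()
        elif (kid not in self.keys and refresh_on_miss
              and now - self.fetched_at >= self.min_refresh_gap):
            # Unknown kid: the issuer may have rotated. Refetch once, but no more
            # often than the cooldown, so made-up kids cannot flood the issuer.
            self._refresh()
        return self.keys.get(kid)  # None means the token must be rejected


def simulate(refresh_on_miss):
    """Constructed scenario: issuer rotates at t=6h and signs with the new key at once."""
    now = [0.0]
    issuer_keys = {"kid-old": "pub-old"}
    cache = JwksCache(lambda: issuer_keys, clock=lambda: now[0])
    results = [cache.key_for("kid-old", refresh_on_miss)]      # t=0: first load
    now[0] = 6 * 3600
    issuer_keys["kid-new"] = "pub-new"                         # rotation, inside the 12h TTL
    results.append(cache.key_for("kid-new", refresh_on_miss))  # token signed with the new key
    for _ in range(100):                                       # burst of tokens with a bogus kid
        cache.key_for("kid-bogus", refresh_on_miss)
    return results, cache.fetch_count


if __name__ == "__main__":
    print("TTL only:       ", simulate(False))
    print("refresh on miss:", simulate(True))
```

With the TTL alone, the token signed six hours in finds no key until the 12-hour refresh; with refresh on miss it verifies after one extra fetch, and the 100 bogus lookups cause no further fetches.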