Lazy JWT Key Rotation in .NET: Redis-Powered JWKS That Just Works
Summary
The article presents a production-ready approach to rotating JWT signing keys using a Redis-backed JWKS. It introduces a JwksKeyManager that stores RSA keys in Redis with separate lifetimes for the private and public components (90 days and 365 days, respectively) and maintains a key history so that the JWKS endpoint serves all active keys. It needs no cron tasks, because rotation is driven by Redis TTL expiry, and it covers endpoints for token issuance, rotation, and revocation, plus caching considerations in the client and middleware.
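A sketch of the split-lifetime, rotate-on-expiry logic summarized above, added here as an illustration and not taken from the article. `TtlStore` (an in-memory stand-in for Redis key expiry), `LazyKeyManager`, and the `jwks:*` key names are assumptions made for this example; only the 90-day and 365-day lifetimes come from the summary.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Demo with a constructed clock: move past the 90-day private TTL and ask again.
var now = DateTimeOffset.UtcNow;
var store = new TtlStore { Now = () => now };
var mgr = new LazyKeyManager(store);
var first = mgr.GetSigningKid();
now = now.AddDays(91);                       // private half of `first` has expired
var second = mgr.GetSigningKid();            // so a new key is minted on demand
Console.WriteLine(first != second);
Console.WriteLine(string.Join(", ", mgr.ActiveKids()));   // both public keys still listed

// In-memory stand-in for Redis "SET key value EX ttl": expired entries are invisible.
sealed class TtlStore
{
    private readonly Dictionary<string, (string Value, DateTimeOffset Expires)> _d = new();
    public Func<DateTimeOffset> Now = () => DateTimeOffset.UtcNow;   // injectable clock
    public void Set(string k, string v, TimeSpan ttl) => _d[k] = (v, Now() + ttl);
    public string? Get(string k) =>
        _d.TryGetValue(k, out var e) && e.Expires > Now() ? e.Value : null;
    public IEnumerable<string> Keys(string prefix) =>
        _d.Where(p => p.Key.StartsWith(prefix) && p.Value.Expires > Now()).Select(p => p.Key);
}
sealed class LazyKeyManager   // hypothetical name, not the article's JwksKeyManager
{
    static readonly TimeSpan PrivateTtl = TimeSpan.FromDays(90);   // lifetimes from the summary
    static readonly TimeSpan PublicTtl = TimeSpan.FromDays(365);
    private readonly TtlStore _s;
    public LazyKeyManager(TtlStore s) => _s = s;

    // Returns the current signing kid; mints a key only once the private half is gone.
    public string GetSigningKid()
    {
        var kid = _s.Get("jwks:current");
        if (kid != null && _s.Get($"jwks:priv:{kid}") != null) return kid;
        using var rsa = RSA.Create(2048);
        kid = Guid.NewGuid().ToString("N");
        // Assumption: base64 DER as the stored form; the summary does not give the format.
        _s.Set($"jwks:priv:{kid}", Convert.ToBase64String(rsa.ExportPkcs8PrivateKey()), PrivateTtl);
        _s.Set($"jwks:pub:{kid}", Convert.ToBase64String(rsa.ExportSubjectPublicKeyInfo()), PublicTtl);
        _s.Set("jwks:current", kid, PrivateTtl);
        return kid;
    }

    // Every unexpired public key, so tokens signed by a retired key still verify.
    public List<string> ActiveKids() =>
        _s.Keys("jwks:pub:").Select(k => k["jwks:pub:".Length..]).ToList();
}
```

Because the public half outlives the private half, a verifier can still validate tokens signed shortly before rotation, while nothing can sign with the retired key once its private entry has expired.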