Refresh the JWKS URI of an OAuth identity provider
When you configure an OAuth identity provider in Confluent Cloud, Confluent OAuth uses the JWKS URI you provide to fetch the public key data for validating JWT access tokens. By default, the keys are refreshed from the JWKS URI at the frequency specified by the cache-control header in the response from the JWKS URI. If a cache-control value is not specified, the default refresh period is once a day. The refresh period is capped at a maximum of seven days. For example, if the response header states that the JWKS keys are valid for a month, the keys are still refreshed at seven-day intervals.
If the JWKS URI is not available, the automatic refresh fails.
You can manually refresh the JWKS URI of your OAuth identity provider if the automatic refresh fails or if you rotate the public keys of your OAuth identity provider and want the changes to take effect immediately.
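The refresh rules above, worked through as an added example (not Confluent's code): it computes the refresh period that a JWKS response's headers imply. It assumes max-age is the cache-control directive that sets the period; the function names and sample headers are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

DEFAULT_REFRESH = timedelta(days=1)  # page: used when no cache-control value is given
MAX_REFRESH = timedelta(days=7)      # page: refresh period is capped at seven days

# Assumption: max-age is the cache-control directive that sets the period.
_MAX_AGE = re.compile(r'^max-age\s*=\s*"?(\d+)"?$', re.IGNORECASE)


def refresh_period(headers):
    """Refresh period implied by the headers of a JWKS URI response."""
    # Header names are case-insensitive in HTTP.
    value = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    for directive in value.split(","):
        match = _MAX_AGE.match(directive.strip())
        if match:
            return min(timedelta(seconds=int(match.group(1))), MAX_REFRESH)
    # No header, or no max-age in it: treated as "not specified" (assumption).
    return DEFAULT_REFRESH


def next_automatic_refresh(fetched_at, headers):
    """Time of the next scheduled refresh after a fetch at fetched_at."""
    return fetched_at + refresh_period(headers)


if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real provider.
    samples = {
        "one hour": {"Cache-Control": "public, max-age=3600"},
        "one month (capped)": {"cache-control": "max-age=2592000"},
        "no max-age": {"Cache-Control": "no-transform"},
        "header absent": {"Content-Type": "application/json"},
    }
    fetched = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for label, hdrs in samples.items():
        period = refresh_period(hdrs)
        print(f"{label:20} {period!s:>16}  next: {next_automatic_refresh(fetched, hdrs)}")
```

If the next scheduled refresh falls after a planned key rotation, the manual refresh described below makes the new keys take effect immediately.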
Use the Confluent Cloud Console to manually refresh the JWKS URI
To manually refresh the JWKS URI of your OAuth identity provider:
- Sign in to the Confluent Cloud Console and go to the Identity providers tab on the Accounts & access page at http://confluent.cloud/settings/org/identity_providers
- Click the identity provider you want to refresh. The details page appears.
- Click Edit (icon) and then click Refresh JWKS keys.
The refresh operation proceeds and the identity provider details page appears.
Use the Confluent Cloud REST API to manually refresh the JWKS URI
To use the Confluent Cloud REST API to make a request to refresh the JWKS URI, see Refresh a provider’s JWKS.