Azure makes the public keys for jwt tokens available here:
https://login.microsoftonline.com/common/discovery/v2.0/keys
Are these keys rotated and replaced? If so how frequently?
0
votes
1 Answers
1
votes
I don't think that frequency is disclosed as public information.
Here is related information from Microsoft Docs.
Signing key rollover in Azure Active Directory
For security purposes, Azure AD’s signing key rolls on a periodic basis and, in the case of an emergency, could be rolled over immediately. Any application that integrates with Azure AD should be prepared to handle a key rollover event no matter how frequently it may occur.
