> On 10 Jan 2020, at 17:22, Dick Hardt <dick.ha...@gmail.com> wrote: [...] > > As to the suggestion of using a JWT-decryption-microservice, another goal > would be increased resiliency of the components. If the > JWT-decryption-microservice is unavailable, the whole system is unavailable. > If there are separate keys, then a failure in one component does not fail the > entire system.
Well you can run more than one instance - it’s a completely stateless service. You can also run a separate instance (or set of instances) per key if you like. Neil _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
