Additional Security Features

JWK Rotation

With Descope, all public keys are accessible via a public JWKS endpoint, and your private keys are controlled in the Descope Console under Project Settings.

JWK rotation occurs regularly, once a day by default, and transitions smoothly to the next key without customer disruption. This ensures ongoing security with minimal impact on active sessions.

On-demand JWK rotation is also available, often used in case of a security incident or other custom security procedure. It lets Company and Project Admins manage JWKs at the project level.

Note

After 12 JWK rotations, users with active sessions will have to log in again, because JWKs that are more than 12 rotations away from the current one will be invalidated.


When you click Rotate Key, you can choose either Rotate (will not affect user sessions) or Rotate and Revoke (will force all users to log in again).


With JWK rotation, you can rest assured that the private keys used to sign Descope JWTs are abstracted away at a project level, and that they are securely stored and used.
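On the verifying side, rotation means a service that caches the JWKS will see tokens signed with keys it has not loaded yet, and must stop accepting keys that are no longer published. The sketch below is an added example, not Descope's code or SDK: it assumes keys are selected by the standard JWT `kid` header, that `fetch_jwks` is a hypothetical callable returning the JWKS as a dict, and that a 60-second refetch cooldown is acceptable. Signature verification is left to a JWT library.

```python
import base64
import json
import time


class UnknownKeyError(Exception):
    """The token names no key, or one that is not in the published JWKS."""


def jwt_kid(token):
    """Read `kid` from a compact JWT's header (unverified at this point)."""
    try:
        part = token.split(".")[0]
        header = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    except ValueError as exc:
        raise UnknownKeyError("malformed JWT header") from exc
    kid = header.get("kid") if isinstance(header, dict) else None
    if not isinstance(kid, str) or not kid:
        raise UnknownKeyError("JWT header has no kid")
    return kid


class JwksCache:
    """Caches the JWKS; refetches on an unseen kid, at most once per cooldown."""

    def __init__(self, fetch_jwks, cooldown=60.0, clock=time.monotonic):
        self._fetch = fetch_jwks  # hypothetical callable returning the JWKS as a dict
        self._cooldown = cooldown  # assumed value: caps refetches triggered by bogus kids
        self._clock = clock
        self._keys = {}
        self._fetched_at = None

    def key_for(self, token):
        kid = jwt_kid(token)
        now = self._clock()
        stale = self._fetched_at is None or now - self._fetched_at >= self._cooldown
        if kid not in self._keys and stale:
            # Replace rather than merge, so keys removed from the endpoint stop verifying.
            self._keys = {k["kid"]: k for k in self._fetch().get("keys", []) if "kid" in k}
            self._fetched_at = now
        if kid not in self._keys:
            raise UnknownKeyError(f"kid {kid!r} not in JWKS (rotated out or never issued)")
        return self._keys[kid]  # pass this JWK to a JWT library to verify the signature


def demo_token(kid):
    """Constructed sample: unsigned JWT-shaped string carrying only a kid header."""
    head = base64.urlsafe_b64encode(json.dumps({"alg": "RS256", "kid": kid}).encode())
    return head.rstrip(b"=").decode() + ".e30.sig"
```

This cache refreshes only when it meets an unseen `kid`, so add a maximum cache age if keys removed from the endpoint must stop verifying promptly.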
