This article explains why the following error occurs intermittently when accessing the JSON Web Key Set (JWKS) URI (https://TENANT_DOMAIN/.well-known/jwks.json) and provides the resolution.

JsonWebTokenError: error in secret or public key callback: socket hang up

• jwks-rsa library
• Node.js

In Node.js-based applications, this error occurs when an ECONNRESET signal is thrown. This indicates that the server closed the socket at the Transmission Control Protocol (TCP) level before the client did. This typically happens when a client reuses a socket for a new request at the same moment the server is closing that socket.

1. Implement caching for the JSON Web Key Set (JWKS).
   Caching reduces the total number of requests made, which lowers the probability of a reused socket clashing with a server-side socket closure. Signing keys change infrequently, such as when a tenant administrator rotates them or in the unlikely event that Auth0 rotates a compromised private key. Thus, the keys can be cached for long periods.
2. If an error occurs after implementing caching, call the jwks.json endpoint directly to ensure the cache is updated.

Related References

• Caching of JWKS endpoint
• ECONNRESET error node.js