Scenario: In case we are using asymmetric RSA signatures. We have an Auth service which exposes a static endpoint which serves the public JWT key. All other microservices hit that endpoint to get the public key and verify access for a request they received.
To avoid repetitive requests to the Auth service, we want to cache the public key in each microservice. We could set a specific lifetime for any private/key pair and set the cache expiry by that, but what if we don't know that lifetime upfront? What is the right way to update the reaching microservices automatically to get a new public key?