Introspect endpoint vs local JWT validation
I have a question regarding our implementation regarding our Frontend/Backend communication.
Currently I am doing a PoC where every time our frontend makes a request to our backend, the backend is reaching out to Zitadel's introspection endpoint to validate that the token is active. Is this the best practice for validating the token as it would mean a lot of requests going to the introspect endpoint? Is there throttling for this endpoint?
The alternative, from what I understand, would be to get the public keys JSON Web Key Set (JWKS) and do a local validation, with the caveat that we don't know when the keys change.
