I am using ueberauth/Guardian to authenticate users against Google. It works, but I have a problem with the key rotation that Google executes: ueberauth makes the challenge phase, and Guardian receives the token and verifies it, extrapolating claims, etc.
My problem is that Google rotates the keys (which are here: https://www.googleapis.com/oauth2/v3/certs) and I don’t understand how to deal with such rotation. There’s no info on which one of the two to use. Also, reading here:
> These keys are regularly rotated; examine the Cache-Control header in the response to determine when you should retrieve them again.

but it does not say anything more.
How should I handle this key rotation? Which key should I use in what case?
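
Added example, not part of the original post and not ueberauth or Guardian code: a sketch in Python of the usual handling, which picks the key whose `kid` matches the `kid` in the token's JWT header and caches the key set for the `max-age` given in `Cache-Control`. The `JwksCache` class, the `fetch` callback, the `min_refetch` throttle and all sample keys and tokens are assumptions constructed for illustration.

```python
import base64, json, re, time

def max_age(cache_control):
    """Seconds the key set may be cached, read from the Cache-Control header."""
    m = re.search(r"max-age=(\d+)", cache_control or "")
    return int(m.group(1)) if m else 0

def token_kid(jwt):
    """Unverified `kid` from the JWT header; it only selects a key, it proves nothing."""
    seg = jwt.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))).get("kid")

class JwksCache:
    def __init__(self, fetch, now=time.time, min_refetch=60):
        # fetch() -> (jwks dict, Cache-Control header value); hypothetical callback
        self.fetch, self.now, self.min_refetch = fetch, now, min_refetch
        self.keys, self.expires, self.fetched_at = {}, 0.0, None
    def _refresh(self):
        jwks, cache_control = self.fetch()
        self.keys = {k["kid"]: k for k in jwks["keys"]}
        self.fetched_at = self.now()
        self.expires = self.fetched_at + max_age(cache_control)
    def key_for(self, jwt):
        kid = token_kid(jwt)
        expired = self.now() >= self.expires
        # Unknown kid may mean an early rotation: refetch, throttled against bogus kids.
        stale = self.fetched_at is None or self.now() - self.fetched_at >= self.min_refetch
        if expired or (kid not in self.keys and stale):
            self._refresh()
        return self.keys.get(kid)  # None: reject the token; else verify the signature with it

def sample_token(kid):
    """Constructed, unsigned token carrying only the header needed here."""
    hdr = json.dumps({"alg": "RS256", "kid": kid}).encode()
    return base64.urlsafe_b64encode(hdr).rstrip(b"=").decode() + ".e30.sig"

def demo():
    clock, calls = [1000.0], []
    sets = [["key-a", "key-b"], ["key-b", "key-c"]]  # constructed rotation
    def fetch():
        calls.append(clock[0])
        kids = sets[min(len(calls) - 1, 1)]
        return {"keys": [{"kid": k, "kty": "RSA"} for k in kids]}, "public, max-age=3600"
    cache = JwksCache(fetch, now=lambda: clock[0])
    out = [cache.key_for(sample_token("key-a"))["kid"]]      # first fetch
    out.append(cache.key_for(sample_token("bogus")))         # throttled, no refetch
    clock[0] += 3600                                         # cached set expired
    out.append(cache.key_for(sample_token("key-c"))["kid"])  # rotated set fetched
    return out, len(calls)
```

The key returned by `key_for` still has to be used to verify the token's signature and claims; a token whose `kid` matches no published key is rejected.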