
feat: better caching/fetching of JWKs from Auth0 #244

Merged: marius-mather merged 10 commits into main from fix/jwks-caching on Mar 31, 2026



@marius-mather marius-mather commented Mar 30, 2026

Collaborator

Description

Fetching of JWKs looks like a possible cause of slow responses in the backend API. Make some improvements to minimize the impacts of JWK lookups on response time.

Changes

  • Increase caching time for JWKs (30 minutes -> 6 hours)
  • Add locking to prevent multiple lookups when cache needs updating
  • Test locking/caching behaviour
  • Improve concurrency test reliability by replacing time.sleep() with explicit Event-based synchronization and increasing thread timeouts

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have added unit / integration tests that prove my fix is effective or that my feature works
  • I have run all tests locally and they pass
  • I have updated the documentation (if applicable)
  • For any new secrets, I have updated the shared spreadsheet and the GitHub Secrets.

How to Test Manually (if necessary)

Run uv run pytest



Copilot AI left a comment

Contributor


Pull request overview

Improves Auth0 JWKS fetching to reduce request latency by extending JWKS caching and preventing concurrent refresh stampedes, with a new concurrency-focused test.

Changes:

  • Increase JWKS cache TTL from 30 minutes to 6 hours.
  • Add a module-level lock to ensure only one JWKS refresh occurs when the cache expires (and lock cache clear on retry).
  • Add a test to validate concurrent refresh behavior.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| auth/validator.py | Extends JWKS cache TTL and adds locking around refresh/clear paths. |
| tests/auth/test_auth_validator.py | Adds a concurrency test to ensure only one JWKS refresh occurs when expired. |
| uv.lock | Updates editable package version metadata. |

Comment thread auth/validator.py
Comment thread auth/validator.py Outdated
Comment thread tests/auth/test_auth_validator.py Outdated
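
An added example, not the project's code (the PR's diff is not shown on this page): a TTL cache that re-checks expiry under a lock, so that an expired cache triggers one JWKS fetch however many requests arrive together. `JwksCache`, `fetch`, `clock` and `count_fetches_under_contention` are hypothetical names, and the fetcher is a constructed stand-in for the Auth0 request.

```python
import threading
import time

JWKS_TTL_SECONDS = 6 * 60 * 60  # the 6-hour TTL this PR moves to

class JwksCache:
    """TTL cache for a JWKS document: at most one fetch per expiry."""

    def __init__(self, fetch, ttl=JWKS_TTL_SECONDS, clock=time.monotonic):
        self._fetch = fetch            # hypothetical callable returning the JWKS dict
        self._ttl = ttl
        self._clock = clock
        self._lock = threading.Lock()
        self._state = (None, 0.0)      # (jwks, expires_at), swapped as one tuple

    def get(self):
        jwks, expires_at = self._state
        if jwks is not None and self._clock() < expires_at:
            return jwks                # fast path: valid cache, no lock taken
        with self._lock:
            jwks, expires_at = self._state   # re-check: a peer may have refreshed
            if jwks is None or self._clock() >= expires_at:
                jwks = self._fetch()
                self._state = (jwks, self._clock() + self._ttl)
            return jwks

    def clear(self):
        with self._lock:               # e.g. before a retry after a failed lookup
            self._state = (None, 0.0)

def count_fetches_under_contention(n_threads=8):
    """Release n_threads at once on an empty cache; return (fetch_count, results)."""
    calls, results = [], []

    def slow_fetch():                  # constructed stand-in for the HTTP request
        calls.append(1)
        time.sleep(0.05)               # simulated network latency
        return {"keys": [{"kid": "constructed-kid", "kty": "RSA"}]}

    cache = JwksCache(slow_fetch)
    start = threading.Barrier(n_threads)

    def worker():
        start.wait(timeout=10)         # all threads reach get() together
        results.append(cache.get())

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join(timeout=10)
    return len(calls), results
```

With a 6-hour TTL, a newly published signing key is picked up only on expiry or after `clear()`, so the clear path takes the same lock as the refresh.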

Copilot AI commented Mar 30, 2026

Contributor

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • astral.sh
    • Triggering command: /usr/bin/curl curl -LsSf REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Comment thread auth/validator.py Outdated
@marius-mather marius-mather requested a review from uwwint March 30, 2026 23:49
@marius-mather marius-mather merged commit 9bb0755 into main Mar 31, 2026
5 checks passed
@marius-mather marius-mather deleted the fix/jwks-caching branch March 31, 2026 00:11