From 256cf65fb9951e09c47595db8901c5f05c8ce4ca Mon Sep 17 00:00:00 2001
From: Paul Atkin <atkinpa@gmail.com>
Date: Sun, 7 Jun 2026 03:49:36 +0000
Subject: [PATCH] Update app/api/auth2.py

---
 app/api/auth2.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/api/auth2.py b/app/api/auth2.py
index 63172c1..33650d4 100644
--- a/app/api/auth2.py
+++ b/app/api/auth2.py
@@ -8,7 +8,13 @@ TENANT_ID = "your-tenant-id"
 API_CLIENT_ID = "your-backend-api-client-id" # The Application ID of the API itself
 JWKS_URL = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"
 
-jwks_client = PyJWKClient(JWKS_URL)
+jwks_client = PyJWKClient(
+    JWKS_URL,
+    cache_keys=True,        # Enabled by default. Set to False to disable caching completely.
+    max_cached_keys=16,     # The maximum number of distinct keys to store (Default is 16).
+    cache_jwk_set=True,     # Caches the entire JWK set response, not just individual keys.
+    lifespan=3600           # How long (in seconds) keys stay in the cache before expiring (Default: 3600s / 1 hour).
+)
 
 # Native security scheme enables the top-right "Authorize" button in Swagger UI
 oauth2_scheme = OAuth2AuthorizationCodeBearer(