why to fetch public key dynamically for verifying JWT token (RSA-256)

With JWT approach we get advantage that we don't need to call auth server every time. We need public key to verify JWT token issued via RSA-256. And public keys are getting rotated (Ref - https://www.keycloak.org/docs/latest/server_admin/#rotating-keys) and hence I have to fetch public key from auth server every time before validating the JWT token.

Then what is the advantage of having JWT, can someone help me understanding this?

Solution

Thanks @derpirscher for answer. For future moving your comment as answer

No, you don't need to fetch the key every time. The jwt should contain a keyid if the public key. So when you try to validate your token, check if you have already cached the public key. If not fetch a new key and cache it. Else use the cached key.

Next-auth getToken dont working on serverside
Azure Function to generate JWT token error desterilising private key stored in key vault secret
WebFluxSecurity does not add Authentication to SecurityContext
Illegal base64url character: ' ' when getting claims/decode from token Java JWT Spring Boot
IDX12723: Unable to decode the payload '[PII of type 'System.String' is hidden
Custom encryption approach in PHP (like JWT) – is this secure enough
Blazor Web App 9 (Server / Gloabl) JWT Authentication
How to get "exp" from jwt token and compare with it current time to check if token is expired
How to Properly Set Up Auth Middleware in Nuxt 3 with Node.js Backend?
Coinbase: Authenticating with JWT in PHP
Apim policy to validat token for b2b and as well as b2c tenant token endpoints
how does OIDC /revoke work for JWT access_token when JWT validation is mostly stateless
How can I sync JWT blacklists in PHP microservices without a bottleneck or SPOF?
Why does Spring Boot return 403 Forbidden for a POST request to a secured endpoint even with a valid JWT?
Calling api request inside an interceptor for jwt refresh token going to an infinite loop
Blazor WASM - Component State from Server Missing
Spring security JWT without OAuth
Get Access Token from Microsoft Graph for ClientId with delegated permissions
Azure Access token just created but not capable to verify that is authentic
Invalidation of previous JWT Tokens in Django Rest Framework
Use delegated permissions with Client App Registration
Create middleware which rewrites headers and redirects url to API server
Using Postman Vault secrets in JWT generation in Pre-request script
JWT token authentication fails with message "PII is hidden"
How to decode JWT Token?
Authorized Client Applications not working with azure-cli
Getting user data through an Azure AD OAuth login - React Native Expo App
How to properly handle token expiry with Auth.js (NextAuth v5)?
Two blazor server apps sharing same Authentication Library Project and same Library Project for SignalR communication
Error with autowiring in WebSecurityConfiguration bean Spring boot security