With the JWT approach we get the advantage that we don't need to call the auth server every time. We need the public key to verify a JWT token issued via RSA-256. And public keys are getting rotated (Ref - https://www.keycloak.org/docs/latest/server_admin/#rotating-keys) and hence I have to fetch the public key from the auth server every time before validating the JWT token.
Then what is the advantage of having JWT? Can someone help me understand this?
Thanks @derpirscher for the answer. For the future, moving your comment as an answer.
No, you don't need to fetch the key every time. The JWT should contain a keyid of the public key. So when you try to validate your token, check if you have already cached the public key. If not, fetch a new key and cache it. Else use the cached key.
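The cache-by-key-id flow from the answer above, as an added example that is not part of the original post. `KidKeyCache`, `fetch_jwks` and `make_token` are hypothetical names, the key set shape (`{"keys": [{"kid": ...}]}`) and the refetch throttle are assumptions, and verifying the signature with the returned key is left to your JWT library.

```python
import base64, json, time

class KidKeyCache:
    """Cache public keys by JWT 'kid'; contact the auth server only on a cache miss."""

    def __init__(self, fetch_jwks, min_refetch_seconds=60, clock=time.monotonic):
        self._fetch_jwks = fetch_jwks        # assumed: callable returning {"keys": [{"kid": ...}, ...]}
        self._min_refetch = min_refetch_seconds
        self._clock = clock
        self._keys = {}
        self._last_fetch = None
        self.fetch_count = 0                 # exposed so the caching behaviour can be observed

    @staticmethod
    def kid_of(token):
        """Read 'kid' from the (still unverified) JWT header."""
        header_b64 = token.split(".")[0]
        padded = header_b64 + "=" * (-len(header_b64) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
        kid = header.get("kid") if isinstance(header, dict) else None
        if not isinstance(kid, str) or not kid:
            raise ValueError("token header has no usable kid")
        return kid

    def key_for(self, token):
        kid = self.kid_of(token)
        if kid in self._keys:
            return self._keys[kid]           # cache hit: no network call
        now = self._clock()
        # Unknown kid (e.g. after rotation): refetch, throttled so tokens carrying
        # made-up kids cannot trigger one request to the auth server each.
        if self._last_fetch is None or now - self._last_fetch >= self._min_refetch:
            self._keys = {k["kid"]: k for k in self._fetch_jwks()["keys"]}
            self._last_fetch = now
            self.fetch_count += 1
        if kid not in self._keys:
            raise KeyError(f"no published key for kid {kid!r}")
        return self._keys[kid]

def make_token(kid):
    """Constructed sample: JWT-shaped string with a real header and dummy payload/signature."""
    header = json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.c2ln"

if __name__ == "__main__":
    published = {"keys": [{"kid": "key-1", "kty": "RSA"}]}   # constructed key set
    cache = KidKeyCache(lambda: published)
    for _ in range(3):
        cache.key_for(make_token("key-1"))
    print("fetches after 3 validations:", cache.fetch_count)
```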