TLS sessions from within TEEs

While building our new OAuth feature we had to solve an interesting problem: Enclaves do not have network access, yet we have to fetch a list of public keys to verify OIDC tokens securely. How did we solve this using TEEs?