[ https://issues.apache.org/jira/browse/KNOX-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17951324#comment-17951324 ]
ASF subversion and git services commented on KNOX-3150:
-------------------------------------------------------
Commit 2629b08c5ac45211717763b1ecfa26eac7118ec7 in knox's branch
refs/heads/master from Sandeep Moré
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=2629b08c5 ]
KNOX-3150 - Add support for caching JWKS keys (#1044)
> Support for caching JWKS keys
> -----------------------------
>
> Key: KNOX-3150
> URL: https://issues.apache.org/jira/browse/KNOX-3150
> Project: Apache Knox
> Issue Type: Bug
> Components: JWT
> Reporter: Sandeep More
> Assignee: Sandeep More
> Priority: Major
>
> Currently the JWKS keys are not cached by Knox; this is a problem. There are
> two major issues here:
> 1. Knox will hit the JWKS endpoint for every single request to verify the
> token; this would overwhelm the JWKS endpoint.
> 2. In case the endpoint goes down, we need a way for Knox to be able to verify
> the tokens.
> The parameters that can be configured in gateway-site.xml are:
> {code:java}
> // default: 20 mins, in millisecs
> gateway.jwks.cache.ttl = 20 * 60 * 1000
> // default: 15 secs, in millisecs
> gateway.jwks.cache.refresh.interval = 15 * 1000
> {code}
> This can be done in the DefaultTokenAuthorityService class
> by using
> {code:java}
> JWKSource<SecurityContext> keySource = JWKSourceBuilder.create(new URL(jwksurl))
> .retrying(true)
> .cache(TTL, cacheRefreshTTL)
> .outageTolerant(outageTTL)
> .build();
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)