[ https://issues.apache.org/jira/browse/KNOX-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandeep More resolved KNOX-3150.
--------------------------------
    Resolution: Fixed

> Support for caching JWKS keys
> -----------------------------
>
>                 Key: KNOX-3150
>                 URL: https://issues.apache.org/jira/browse/KNOX-3150
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: JWT
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 2.1.0
>
>
> Currently the JWKS keys are not cached by Knox; this is a problem. There are
> two major issues here:
> 1. Knox will hit the JWKS endpoint for every single request to verify the
> token; this would overwhelm the JWKS endpoint.
> 2. In case the endpoint goes down, we need a way for Knox to be able to verify
> the tokens.
> The parameters that can be configured in gateway-site.xml are
> {code:java}
> // default: in millisecs, 20 mins
> gateway.jwks.cache.ttl = 20 * 60 * 1000
> // default: in millisecs, 15 secs
> gateway.jwks.cache.refresh.interval = 15 * 1000
> {code}
> This can be done in the DefaultTokenAuthorityService class
> by using
> {code:java}
> JWKSource<SecurityContext> keySource = JWKSourceBuilder.create(new URL(jwksurl))
>     .retrying(true)
>     .cache(TTL, cacheRefreshTTL)
>     .outageTolerant(outageTTL)
>     .build();
> {code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
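The two problems listed in the issue (one JWKS fetch per request, and no way to verify tokens while the endpoint is down) can be reproduced with a small stand-alone model of a TTL cache with an outage-tolerance window. This is an added example, not Knox or Nimbus code: the class `CachedJwks`, the `Fetcher` interface, the injected clock, the sample key id and the 4-hour outage TTL are assumptions made for illustration; only the 20-minute TTL comes from the issue, and the refresh interval is left out of the model.

```java
import java.io.IOException;
import java.util.List;

/** Toy model of a JWKS cache with a TTL and an outage-tolerance window (hypothetical class). */
public class CachedJwks {
    interface Fetcher { List<String> fetch() throws IOException; }  // stands in for the HTTP GET

    private final Fetcher fetcher;
    private final long ttlMs, outageTtlMs;
    private List<String> keys;   // last key set fetched successfully
    private long fetchedAt;

    CachedJwks(Fetcher fetcher, long ttlMs, long outageTtlMs) {
        this.fetcher = fetcher; this.ttlMs = ttlMs; this.outageTtlMs = outageTtlMs;
    }

    /** Returns the key set to verify with; nowMs is injected so the demo needs no sleeping. */
    synchronized List<String> get(long nowMs) throws IOException {
        if (keys != null && nowMs - fetchedAt < ttlMs) return keys;   // fresh: no network call
        try {
            keys = fetcher.fetch();
            fetchedAt = nowMs;
            return keys;
        } catch (IOException e) {
            // Endpoint down: keep serving the stale set, but only inside the outage window.
            if (keys != null && nowMs - fetchedAt < outageTtlMs) return keys;
            throw e;   // fail closed: without usable keys the token cannot be verified
        }
    }

    public static void main(String[] args) throws IOException {
        int[] calls = {0};
        boolean[] down = {false};
        Fetcher fake = () -> {
            calls[0]++;
            if (down[0]) throw new IOException("JWKS endpoint unreachable");
            return List.of("kid-1");   // constructed sample key id
        };
        long ttl = 20 * 60 * 1000L;            // default TTL from the issue
        long outageTtl = 4 * 60 * 60 * 1000L;  // assumed value, not from the issue
        CachedJwks cache = new CachedJwks(fake, ttl, outageTtl);

        for (int i = 0; i < 1000; i++) cache.get(i);   // 1000 requests inside one TTL
        System.out.println("fetches for 1000 requests: " + calls[0]);

        down[0] = true;   // simulate the endpoint going down after the TTL has lapsed
        System.out.println("during outage: " + cache.get(ttl + 1));
        try { cache.get(outageTtl + 1); }
        catch (IOException e) { System.out.println("after outage window: " + e.getMessage()); }
    }
}
```

The model attempts a fetch on every request once the TTL has lapsed during an outage; a production cache would also rate-limit those retries. The outage window is a security trade-off as well as an availability one, because a key removed from the JWKS endpoint stays trusted until the cached copy ages out.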