[ https://issues.apache.org/jira/browse/KNOX-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18004061#comment-18004061 ]

ASF subversion and git services commented on KNOX-3150:
-------------------------------------------------------

Commit 021d4e4166c1c26334aaa3b88552b02906a91d85 in knox's branch 
refs/heads/dependabot/npm_and_yarn/knox-token-generation-ui/multi-635efc449e 
from Sandeep Moré
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=021d4e416 ]

KNOX-3150 - Fix a bug where jwks keys might not be cached properly (#1045)

* KNOX-3150 - Fix a bug where jwks keys might not be cached properly

* KNOX-3150 - Review comments

> Support for caching JWKS keys
> -----------------------------
>
>                 Key: KNOX-3150
>                 URL: https://issues.apache.org/jira/browse/KNOX-3150
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: JWT
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 2.1.0
>
>
> Currently the JWKS keys are not cached by Knox; this is a problem. There are 
> two major issues here: 
> 1. Knox will hit the JWKS endpoint for every single request to verify the 
> token; this would overwhelm the JWKS endpoint. 
> 2. In case the endpoint goes down, we need a way for Knox to be able to verify 
> the tokens. 
> The parameters that can be configured in gateway-site.xml are 
> {code:java}
> // default: in milliseconds, 20 minutes
> gateway.jwks.cache.ttl = 20 * 60 * 1000
> // default: in milliseconds, 15 seconds
> gateway.jwks.cache.refresh.interval = 15 * 1000
> {code}
> This can be done in the DefaultTokenAuthorityService class 
> by using 
> {code:java}
> import java.net.URL;
> import com.nimbusds.jose.jwk.source.JWKSource;
> import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
> import com.nimbusds.jose.proc.SecurityContext;
>
> // jwksurl, TTL, cacheRefreshTTL and outageTTL are populated from gateway-site.xml (times in milliseconds)
> JWKSource<SecurityContext> keySource = JWKSourceBuilder.<SecurityContext>create(new URL(jwksurl))
>                 .retrying(true)                 // retry a failed JWKS fetch once before failing
>                 .cache(TTL, cacheRefreshTTL)     // cache the key set for TTL; refresh timeout for an expired set
>                 .outageTolerant(outageTTL)       // keep serving the last good key set while the endpoint is down
>                 .build();
> {code}
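As an added illustration (not Knox's own code, nor part of the issue above) of how the cached, outage-tolerant key source described in the issue is wired into actual token verification with nimbus-jose-jwt: the class name, the outage value and the RS256 algorithm pin are assumptions; the TTL and refresh defaults are the values given in the issue.

```java
import java.net.MalformedURLException;
import java.net.URL;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

/** Hypothetical helper (not Knox code): JWKS-backed JWT verifier with a cached key source. */
public final class CachedJwksVerifier {

    // Defaults taken from the issue description, in milliseconds.
    public static final long DEFAULT_TTL_MS = 20L * 60 * 1000;   // gateway.jwks.cache.ttl
    public static final long DEFAULT_REFRESH_MS = 15L * 1000;    // gateway.jwks.cache.refresh.interval
    // Assumed value: how long the last good key set may still be served if the JWKS endpoint is down.
    public static final long DEFAULT_OUTAGE_MS = 60L * 60 * 1000;

    private final DefaultJWTProcessor<SecurityContext> processor;

    public CachedJwksVerifier(String jwksUrl, long ttlMs, long refreshMs, long outageMs)
            throws MalformedURLException {
        // The key set is fetched once and served from memory until ttlMs elapses, so a
        // request no longer triggers an HTTP round trip to the JWKS endpoint.
        JWKSource<SecurityContext> keySource = JWKSourceBuilder.<SecurityContext>create(new URL(jwksUrl))
                .retrying(true)              // retry one failed fetch before giving up
                .cache(ttlMs, refreshMs)     // cache TTL; timeout when refreshing an expired set
                .outageTolerant(outageMs)    // serve stale keys for outageMs if the endpoint is unreachable
                .build();

        processor = new DefaultJWTProcessor<>();
        // Pin the accepted signing algorithm instead of trusting the token's "alg" header;
        // the selector picks the cached key whose "kid" matches the token.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keySource));
    }

    public CachedJwksVerifier(String jwksUrl) throws MalformedURLException {
        this(jwksUrl, DEFAULT_TTL_MS, DEFAULT_REFRESH_MS, DEFAULT_OUTAGE_MS);
    }

    /** Verifies the signature against the cached JWKS and applies the default exp/nbf checks. */
    public JWTClaimsSet verify(String serializedJwt) throws Exception {
        return processor.process(serializedJwt, null);
    }
}
```

Note that outage tolerance trades availability for freshness: a key rotated out at the identity provider during an outage stays trusted until the outage window expires, so keep that window no longer than the rotation policy allows.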



--
This message was sent by Atlassian Jira
(v8.20.10#820010)