Hi Inthirakumaaran,

What about the case where the user sends a JWT signed with the old key, along with JWT grant type to IS? Then don't we need to update the JWT signature validation logic to obtain the keys for the respective JWTs based on the 'kid' value?

Thanks,
Sathya

On Tue, Apr 23, 2019 at 11:31 AM Inthirakumaaran Tharmakulasingham <[email protected]> wrote:

> Hi Shammi,
>
> Thanks for the input
>
>> So, in each and every validation request step of 6, Certificate resolver
>> has to send all the JWKs to JWKS endpoint or will they be cached in the
>> JWKS endpoint? If we can cache them, there will be a performance
>> improvement right? However, we have to make sure the cache invalidation
>> time out is there.
>
> Already the keys are cached in the keystore manager and in the certificate
> resolver, we will perform some validation before exposing those JWKS. I'll
> look into the cache validation time out and make sure it performs as
> expected.
>
> Thanks and regards
> kumaaran
>
> *Inthirakumaaran*
> Software Engineer | WSO2
>
> E-mail:[email protected]
> Mobile:+94775558050
> Web:https://wso2.com

--
Sathya Bandara
Senior Software Engineer
Blog: https://medium.com/@technospace
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421
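
The 'kid'-based key selection raised in the question above, as an added example that is not part of the original thread and is not WSO2 code. It assumes symmetric `oct` JWKs with HS256 as a self-contained stand-in for the certificate-backed keys discussed in the thread; the kid values, secrets and function names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64u_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed secrets and kid values (hypothetical, not from the thread).
OLD_SECRET, NEW_SECRET = b"constructed-old-secret", b"constructed-new-secret"
# JWKS during rotation: the new key is published and the old one is retained.
JWKS = {"keys": [
    {"kty": "oct", "kid": "new-key", "alg": "HS256", "k": b64u_encode(NEW_SECRET)},
    {"kty": "oct", "kid": "old-key", "alg": "HS256", "k": b64u_encode(OLD_SECRET)},
]}

def issue(claims: dict, kid: str, secret: bytes) -> str:
    """Build a constructed HS256 token so the verifier has sample input."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64u_encode(json.dumps(p).encode()) for p in (header, claims))
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u_encode(mac)}"

def verify(token: str, jwks: dict) -> dict:
    """Return the claims if the key named by 'kid' verifies the signature."""
    h64, p64, s64 = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64u_decode(h64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    kid = header.get("kid")
    # Select by kid only; do not fall back to trying every published key.
    matches = [k for k in jwks["keys"] if k.get("kid") == kid and k.get("kty") == "oct"]
    if not isinstance(kid, str) or len(matches) != 1:
        raise ValueError("no unique key for kid")
    key = b64u_decode(matches[0]["k"])
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(s64)):
        raise ValueError("signature does not match key for kid")
    return json.loads(b64u_decode(p64))
```

A token issued under the old kid keeps verifying only while that key stays in the published set; once the old entry is dropped, the same token is rejected.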
