chibenwa commented on code in PR #2744:
URL: https://github.com/apache/james-project/pull/2744#discussion_r2167473547
##########
server/protocols/jwt/src/main/java/org/apache/james/jwt/JwtTokenVerifier.java:
##########
@@ -67,12 +99,19 @@ public static JwtTokenVerifier create(JwtConfiguration
jwtConfiguration) {
private static final Logger LOGGER =
LoggerFactory.getLogger(JwtTokenVerifier.class);
+ private final JwtParser kidJwtParser;
private final List<JwtParser> jwtParsers;
public JwtTokenVerifier(PublicKeyProvider pubKeyProvider) {
+ // one parser that performs key lookup by kid
+ this.kidJwtParser = toImmutableJwtParser(jwtHeaders -> {
+ String kid = Objects.requireNonNull((String)jwtHeaders.get("kid"));
+ return pubKeyProvider.get(kid).orElse(null);
Review Comment:
Before we were loading public keys only at startup.
Now we are loading keys on each and every token we verify. Thus I would not
be surprised performance significantly degrades.
Maybe we could load upfront a `Map<Kid -> PublicKey> in the
DefaultPublicKeyProvider in order to keep this desirable property?
Maybe the
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org
