Sandeep More created KNOX-3150:
----------------------------------

             Summary: Support for caching JWKS keys
                 Key: KNOX-3150
                 URL: https://issues.apache.org/jira/browse/KNOX-3150
             Project: Apache Knox
          Issue Type: Bug
          Components: JWT
            Reporter: Sandeep More
            Assignee: Sandeep More

Currently the JWKS keys are not cached by Knox, which is a problem. There are two major issues here:

1. Knox will hit the JWKS endpoint for every single request to verify the token; this would overwhelm the JWKS endpoint.
2. In case the endpoint goes down, we need a way for Knox to be able to verify the tokens.

This can be done in the DefaultTokenAuthorityService class by using

{code:java}
JWKSource<SecurityContext> keySource = JWKSourceBuilder.create(new URL(jwksurl))
    // retry the JWKS fetch once on a transient failure
    .retrying(true)
    // cache the key set: time-to-live and cache refresh timeout
    .cache(TTL, cacheRefreshTTL)
    // keep serving the cached key set while the endpoint is down
    .outageTolerant(outageTTL)
    .build();
{code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
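
An added example, not Knox or Nimbus code: a JDK-only model of the two behaviours the ticket asks for, showing how a TTL cache removes the per-request JWKS fetch and how an outage window bounds how long stale keys are still accepted. The class name, the TTL values and the JWKS string are constructed for illustration; the retry and the refresh timeout are left out.

```java
import java.util.function.Supplier;

/** Simplified model of a TTL cache with outage tolerance in front of a JWKS fetch. */
public class JwksCacheModel {
    private final Supplier<String> fetcher; // stands in for the HTTP GET of the JWKS URL
    private final long ttlMs;               // how long a fetched key set counts as fresh
    private final long outageTtlMs;         // how long a stale key set may be served on failure
    private String cached;
    private long fetchedAt;
    int fetches = 0;                        // number of calls made to the endpoint

    JwksCacheModel(Supplier<String> fetcher, long ttlMs, long outageTtlMs) {
        this.fetcher = fetcher;
        this.ttlMs = ttlMs;
        this.outageTtlMs = outageTtlMs;
    }

    /** Returns the key set to verify with at time nowMs, or throws if none is usable. */
    String keysAt(long nowMs) {
        if (cached != null && nowMs - fetchedAt < ttlMs) {
            return cached;                  // fresh: no network call (issue 1)
        }
        try {
            fetches++;
            cached = fetcher.get();
            fetchedAt = nowMs;
            return cached;
        } catch (RuntimeException outage) {
            // Endpoint down (issue 2): fall back to the last good copy, but only
            // while it is younger than the outage window; after that, fail closed.
            if (cached != null && nowMs - fetchedAt < outageTtlMs) {
                return cached;
            }
            throw new IllegalStateException("JWKS unavailable and cached keys too old", outage);
        }
    }

    public static void main(String[] args) {
        boolean[] endpointUp = {true};
        JwksCacheModel cache = new JwksCacheModel(() -> {
            if (!endpointUp[0]) throw new RuntimeException("connection refused");
            return "{\"keys\":[{\"kid\":\"constructed-key-1\"}]}"; // constructed sample
        }, 5 * 60_000, 60 * 60_000);        // 5 min TTL, 1 h outage window

        for (int i = 0; i < 1000; i++) cache.keysAt(i);          // burst of requests
        System.out.println("endpoint calls for 1000 requests: " + cache.fetches);
        endpointUp[0] = false;
        System.out.println("stale copy during outage: " + cache.keysAt(10 * 60_000));
        try { cache.keysAt(2 * 60 * 60_000); }                   // past the outage window
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The outage window is also how long a key that has been rotated out of the JWKS stays trusted while the endpoint is unreachable, so it should be sized against the issuer's key rotation practice rather than set as large as possible.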