vigneshio commented on PR #4620: URL: https://github.com/apache/polaris/pull/4620#issuecomment-4631805562
Thanks @adutra, you're absolutely right — since the broker is request-scoped, caching inside it still allocates a verifier per request. I'll move the `Algorithm` and `JWTVerifier` construction into the `TokenBrokerFactory` implementations, cached per realm alongside the existing key/secret caches, and pass the prebuilt instances into the broker so they're built once per realm. I'll push an update shortly. One side effect worth flagging: for the (uncommon) file-based symmetric secret, the secret would then be read once per realm at first use rather than per request — consistent with how the factory already caches per-realm material, but it means a rotated on-disk secret requires a restart. Let me know if you'd prefer to preserve per-request re-reading for that case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
