JWK endpoints expose keys which typically are not frequently rotated.
Currently CrateDB requests public keys on each authentication request which might be too expensive.
We could add support for the Cache-Control: max-age header (value in seconds) to control the caching policy per authentication provider.
Some details: https://github.com/auth0/java-jwt already supports caching, but we need to cache JwkProvider instances on our own (instead of creating them per request in jwkProvider) to actually utilize caching.
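An added sketch of the per-provider caching proposed above, written against the plain JDK (16+); it is not CrateDB or java-jwt code. The names `JwksCache`, `Fetcher`, `Response` and `ttlFrom`, the sample URL, and the upper bound on the cache lifetime (so a rotated or withdrawn key is not trusted indefinitely) are assumptions of this example.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

/** Hypothetical JWKS cache keyed by provider URL; illustrative names, not CrateDB or java-jwt API. */
public class JwksCache {
    public record Response(String jwksJson, String cacheControl) {}   // header may be null
    public interface Fetcher { Response fetch(String jwksUrl) throws Exception; }
    private record Entry(String jwksJson, Instant expiresAt) {}
    private static final Pattern MAX_AGE = Pattern.compile("(?i)(?:^|[,\\s])max-age\\s*=\\s*\"?(\\d{1,9})");
    private static final Pattern NO_CACHE = Pattern.compile("(?i)(?:^|[,\\s])(?:no-store|no-cache)\\b");
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();
    private final Fetcher fetcher;
    private final Clock clock;
    private final Duration ceiling; // assumed cap: bounds how long a rotated key stays trusted

    public JwksCache(Fetcher f, Clock c, Duration cap) { fetcher = f; clock = c; ceiling = cap; }

    /** Lifetime from Cache-Control: zero if absent, no-store/no-cache or no max-age; never above the cap. */
    static Duration ttlFrom(String cacheControl, Duration cap) {
        if (cacheControl == null || NO_CACHE.matcher(cacheControl).find()) return Duration.ZERO;
        var m = MAX_AGE.matcher(cacheControl);
        if (!m.find()) return Duration.ZERO;
        Duration d = Duration.ofSeconds(Long.parseLong(m.group(1)));
        return d.compareTo(cap) > 0 ? cap : d;
    }

    /** Returns the cached JWKS while it is fresh; otherwise refetches and stores it per provider URL. */
    public String get(String jwksUrl) throws Exception {
        Instant now = clock.instant();
        Entry e = entries.get(jwksUrl);
        if (e != null && now.isBefore(e.expiresAt())) return e.jwksJson();
        Response r = fetcher.fetch(jwksUrl); // concurrent misses may each fetch; the last write wins
        Duration ttl = ttlFrom(r.cacheControl(), ceiling);
        if (ttl.isZero()) entries.remove(jwksUrl);
        else entries.put(jwksUrl, new Entry(r.jwksJson(), now.plus(ttl)));
        return r.jwksJson();
    }

    public static void main(String[] args) throws Exception {
        int[] calls = {0}; // counts remote fetches made by the constructed in-memory fetcher below
        Fetcher fake = url -> { calls[0]++; return new Response("{\"keys\":[]}", "public, max-age=300"); };
        JwksCache cache = new JwksCache(fake, Clock.systemUTC(), Duration.ofHours(1));
        String url = "https://idp.example/.well-known/jwks.json"; // constructed sample URL
        cache.get(url); cache.get(url); // second call is served from the cache
        System.out.println("remote fetches: " + calls[0]);
    }
}
```

A token whose `kid` is missing from the cached set is the usual trigger for an early refetch after key rotation; this sketch leaves that out and relies on expiry alone.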
Isn't this considered a bug, as the caching mechanism was mentioned in the original issue #14238?
Why would this justify treating this as a bug? AFAIK this is not related to a functional part but rather an optimization. Or is something breaking without a cache in place?
Sorry, should have been more clear. When we were providing feedback on this feature, the assumption was that caching is part of the initial scope and there was maybe just a slight issue why it was not working properly. What is unclear from the documentation: Would the current behavior, for every query / POST to /_sql, fetch the public key from the remote server? That seems excessive and could potentially slow down querying by quite a lot.
So not a bug, but rather a non-functional requirement for the initial feature request.