New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support async/reactive style auth mecanism #228
Comments
With virtual thread support, would this mitigate the issue?
Where in the SPI exactly (which type, which method) would you like to see those? Just for my understanding, this would only help when a reactive HTTP server is used right? For using e.g. Tomcat / Serlet there would be no benefit? |
Well yes and no but it has some limits:
So overall I think it should have been thought the other way around even if it can be a temporary workaround sometimes today.
Servlet is reactive since years (v3.0), agree it is maybe not integrated because the API does not enable it but since NIO connectors got adopted with AsyncContext this can be e2e reactive. Note: the reactive part is really the callback nature more than the backpressure and things like that which can be hidden in a higher level or bridge to |
I see, so your goal is basically to free up the http request handling thread, and schedule all outstanding requests for token validations to a separate thread pool? Of course the end user (caller) still has to wait for the result to eventually come back, and our server (the RP) still has to wait for the authentication server (the OP) to respond. Practically speaking, you want to schedule this one on a thread pool / executor service: And if it's indeed scheduled put the http request in async mode? |
@arjantijms the goal is to not have the scalabilty issue of the old blocking programming even when virtual threads are not an option. A simple example is when tomcat has 200 threads and you use blocking everywhere you can only get 200 connections if you have some latency in the system whereas you can go until >10k easily if you don't for example so yes the idea is to leverage the NIO eventing or similar when possible (more than the async which would stick to the same issue where you just fill yet another executor instead of using a #cores executor which is the ~max you can use on a machine). |
OpenID shows that current API is too rigid and, the typical example is the token fetch which is typically a NIO operation but is done synchronously in current implementation so misuse the server resources.
Goal of this task is to ensure the API becomes more friendly to such needs.
Minimum is to expect the SPI return types to be CompletionStage IMHO.
Side note: I don't think depending on a new dependency to be reactive with a lot of verbose API would be good for the project, sticking to java is sufficient IMHO.
The text was updated successfully, but these errors were encountered: