OAuth userinfo should be cached #21937

oneonestar · 2024-05-11T15:07:02Z

OAuth userinfo get from Idp should be cached. (userinfo from http-server.authentication.oauth2.userinfo-url)
Otherwise every time a user access WEB_UI API will trigger a HTTP call from coordinator to Idp to fetch userinfo.

Trino WebUI constantly fetch from /ui/api/stats, /ui/api/cluster, and /ui/api/query. Each API call will trigger a HTTP call to Idp in coordinator.

Benefits of adding a cache:

improve the performance for WebUI
lower the workload for coordinator

trino/core/trino-main/src/main/java/io/trino/server/security/oauth2/NimbusOAuth2Client.java

Lines 397 to 400 in 6d20ac2

    
           private Optional<JWTClaimsSet> queryUserInfo(String accessToken) 
        
           { 
        
               try { 
        
                   UserInfoResponse response = httpClient.execute(new UserInfoRequest(userinfoUrl.get(), new BearerAccessToken(accessToken)), UserInfoResponse::parse);

Call stack:

queryUserInfo:400, NimbusOAuth2Client (io.trino.server.security.oauth2)
getJWTClaimsSet:392, NimbusOAuth2Client (io.trino.server.security.oauth2)
getClaims:184, NimbusOAuth2Client (io.trino.server.security.oauth2)
getAccessTokenClaims:142, OAuth2WebUiAuthenticationFilter (io.trino.server.ui)
2 hidden frames
filter:98, OAuth2WebUiAuthenticationFilter (io.trino.server.ui)
57 hidden frames

A naive cache implementation on queryUserInfo() shows significant improvement on latency.
Before:

After:

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OAuth userinfo should be cached #21937

OAuth userinfo should be cached #21937

oneonestar commented May 11, 2024 •

edited

OAuth userinfo should be cached #21937

OAuth userinfo should be cached #21937

Comments

oneonestar commented May 11, 2024 • edited

oneonestar commented May 11, 2024 •

edited