Reative implementation of validation with remote JWKS fetch keys on every validations #1734
Comments
|
We updated to micronaut 4.5.0 this morning and removed our static jwks file (as described here) and observed that the JWKS url was fetched more often. It seems that ReactiveJwksSignature did not implement a cache. Reference : JwksSignature. |
graemerocher
added
the
type: improvement
|
+1, it seems there is no caching control for the reactive implementation. While nimbus implementation is logging errors: #1684 additionally, we noticed that using default micronaut-http-client will cause using a pool for the HttpClient, while it cause our tracing system to catch another confusing error as: |
|
Hitting this same bug, would be nice to fix because I'm having issues downgrading from 4.5 due to a KSP bug. |
|
This was impacting me and my teams too, would love some feedback on my pull request, #1815, here. There are some trade-offs discussed on the PR description. |
Expected Behavior
Remote JWKS validation should be cached and fetched only when expired as defined by JwksSignatureConfiguration::getCacheExpiration
Actual Behaviour
Every time a JWT needs to be validated, the remote JWKS is fetched
Steps To Reproduce
No response
Environment Information
No response
Example Application
No response
Version
4.5.0
The text was updated successfully, but these errors were encountered: