JwtDecoders and NimbusJwtDecoder should use the same JWKSource #10312
Assignees
Labels
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement
A general enhancement
Milestone
Comments
jzheaux
added
type: enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Related to #9991
JwtDecodersandReactiveJwtDecodersinstantiate aRemoteJWKSetin order to discover reasonable defaults for the JWS algorithms a resource server should accept.NimbusJwtDecoderandNimbusReactiveJwtDecoderboth instantiate a JWK source as well in order to collect the keys needed to verify JWT signatures.It would be nice if these shared the same instance. If so, then once
JwtDecodersmakes a query for the JWK Set, it's already cached for future decode requests.This is especially nice with the introduction of
SupplierJwtDecoder, which lazily loads theNimbusJwtDecoder. Without this proposed optimization, usingSupplierJwtDecoderandJwtDecoderstogether would mean that the first decode request would experience three HTTP calls instead of two.The text was updated successfully, but these errors were encountered: