Skip to content

Provide possibility to configure JWK set cache TTL #8325

New issue
New issue
Closed
Closed
Provide possibility to configure JWK set cache TTL#8325
Assignees
rwinch
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: duplicateA duplicate of another issue
@20fps

Description

@20fps
20fps
opened on Apr 3, 2020

Summary

As a developer I would like to have possibility to configure JWK set cache setting cache TTL I want. In our case we want it to be longer than default - 5 minutes.

Actual Behavior

The cache duration described is hardcoded somewhere inside NimbusJwtDecoder while JWKSource created as:
JWKSource<SecurityContext> jwkSource = new RemoteJWKSet(toURL(this.jwkSetUri), jwkSetRetriever);

Expected Behavior

The cache duration described should be configurable (RemoteJWKSet class has third constructor parameter JWKSetCache that should be used).

Version

I'm using the latest released one, the problem is permanent.

Sample

Currently I'm creating decoder as:
var decoder = JwtDecoders.fromIssuerLocation(issuer);
I'm not sure about the best way to make it configurable, I actually can override it by myself rewriting a lot of code from NimbusJwtDecoder, but I think I'm not the only one who need it and would be nice to have such possibility from your side.
There is a question on stackoverflow as well:
https://stackoverflow.com/questions/60409678/how-to-increase-remotejwkset-cache-ttl-in-spring-security-5-2

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: duplicateA duplicate of another issue

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions