Reusability and thread-safety of JwtConsumer
First, thanks for this nice library.
At first glance it seems that both JwtConsumerBuilder and JwtConsumer are thread-safe and can be reused, but on deeper inspection we've found that's not the case because of NumericDateValidator.evaluationTime which is set in the constructor.
It would be nice if we could build a JwtConsumer only once and just reuse it for every token validation.
Comments (7)
-
repo owner -
repo owner - changed status to resolved
fix
#25so now if an explicit evaluation time isn’t given to the JwtConsumer[Builder], get the current time during NumericDateValidator.validate(...) so that a JwtConsumer can be created once and used many times and in multiple threads→ <<cset bf34a2f50ce4>>
-
repo owner -
repo owner - attached jose4j-0.4.3-SNAPSHOT.jar
here's a snapshot build, if you want to play with it
-
Account Deleted I've tried it and it looks good. Thanks for the quick fix:)
-
repo owner Glad to hear it.
-
repo owner FYI that 0.4.3, which contains the fix for this, was released today.
- Log in to comment
Yeah, okay, that's definitely a fair request. I really need to be able to set an evaluation time for a bunch of tests but I could make it so things are thread-safe and can be reused when an explicit evaluation time isn't given. And maybe also think about better/different ways of exposing something to help with testing.