- edited description
Reusing HTTPS JWKS endpoint
Hi there,
Just to get help on better understanding how to reuse the HTTPS JWKS endpoint. Lets say I have a generic method to validate the token where i have two inputs
1) token
2) jwksURL
inside the generic method we always have. The url can be different
HttpsJwks httpsJkws = new HttpsJwks("https://example.com/jwks");
then do further processing of validating the token
the question is inside the generic method when we get token and url, as input and we always have new HTTpsJWKS which will create the object everytime and that will result in no cache.
Even if i pass the httpsJkws object refernce to that method --- from different places how do i get the httpsJkws reference. is it some thing do we need to create our own cache for the httpsJkws object refeerence.
thanks
Comments (5)
-
reporter -
repo owner Yes, the
HttpsJwks
instance will cache the keys retrieved from the given location based on the cache directive headers and/or thesetDefaultCacheDuration(long)
but you need to keep using the same instance to get the benefit of the caching. How you do that is really up to your application but yes something like your own cache for theHttpsJwks
objects might be needed. -
reporter cool thanks for better understanding
-
repo owner - changed status to resolved
You're welcome. I added a bit of text to the HttpsJwks javadoc saying the same thing with 29e0406
-
repo owner - changed status to closed
- Log in to comment