Question About JWKS Auto-Refresh Removal in v3 #101
Comments
|
I know this is a question and not a request, but I plan on starting a native implementation that mimics the old "refresh on unknown kid" behavior tomorrow. It seems I may have miscalculated it's utility for other people's use cases. The reason that feature is no longer supported natively is the specific behavior I designed it for added a large amount of complexity to the project. The key rotation strategy for the projects I run do not benefit from that feature. New keys are added with a long delay before they are used. When working on the newer jwkset package, I didn't reimplement the feature because I assumed there were few use cases for it. Since it seems your use case can benefit from the old "refresh on unknown kid" behavior, it is likely that me not including this feature natively in V3 affected more than your use case. This feature can be re-implemented using a custom jwkset client. My plan is to start writing an implementation tomorrow, then publish it to the jwkset project and document it here in the keyfunc project. Thank you for your feedback! |
|
Here's my pull request. Anyone is welcome to take a look. @sc-tomer, how does this look to you? |
|
That's perfect! I can't thank you enough. |
|
Closing due to release of |
Hey, I noticed in v3 the auto-refresh for JWKS when a KID is missing got removed. It was super useful for key rotations.
Just curious, what's the reason behind this change?
Really appreciate the work you've put into this package. It's been a huge help!
The text was updated successfully, but these errors were encountered: