Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/lazy jwks #28

Merged
merged 4 commits into from
Aug 22, 2021
Merged

Feature/lazy jwks #28

merged 4 commits into from
Aug 22, 2021

Conversation

colcek
Copy link
Contributor

@colcek colcek commented Aug 19, 2021

The service tries to fetch JWKS on startup and fails if the link is not available.

In case, when the JWKS is provided by another microservice that service can be down or better, it is not yet discovered by the traefik. Namely, if you would like to fetch JWKS by using traefik's router which is an internal unsecure route, the decode service fails and also may prevent traefik to start as well (in case traefik docker-compose links to decode service)

This fix add an option postpone fetching JWKS when there is a request and tries with every request until it is available. FORCE_JWKS_ON_START controls the behaviour.

SimonSchneider
SimonSchneider requested changes Aug 19, 2021
View reviewed changes
Copy link
Owner

@SimonSchneider SimonSchneider left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks like a nice improvement, but the race condition will have to be resolved.

decoder/jws.go Outdated Show resolved Hide resolved
@colcek
JWKS fetching function is protected by mutex to prevent race conditio…
2a95e37 
…n, and added test case for one valid public jwks
SimonSchneider
SimonSchneider approved these changes Aug 22, 2021
View reviewed changes
Copy link
Owner

@SimonSchneider SimonSchneider left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you for the PR!

@SimonSchneider SimonSchneider merged commit 23966d0 into SimonSchneider:master Aug 22, 2021
@SimonSchneider
Copy link
Owner

SimonSchneider commented Aug 22, 2021
edited

Thanks for your contribution @colcek. version 0.0.43 released on docker hub. docker pull simonschneider/traefik-jwt-decode:0.0.43

@bennesp bennesp mentioned this pull request Dec 6, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SimonSchneider SimonSchneider SimonSchneider approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@colcek @SimonSchneider