Improve public key fetching for IdTokenVerifier #930

Closed
TimurSadykov opened this issue Jun 13, 2022 · 1 comment · Fixed by #983
Labels: priority: p3 (Desirable enhancement or fix. May not be included in next release.); type: bug (Error or flaw in code with unintended results or allowing sub-optimal usage patterns.)

Comments

@TimurSadykov
Member

The current implementation of the public key fetching refreshes public keys every hour. If the public certs refresh fails during refresh, ID token validation is blocked until the refresh succeeds. Normally we expect that to be rare and transient, but we want to try to avoid it altogether.

An alternative solution is to check the certificate field for the expiration date and refresh when the date is close. Potentially we want to consider a combination of the two.

@TimurSadykov added the labels type: bug (Error or flaw in code with unintended results or allowing sub-optimal usage patterns.) and priority: p2 (Moderately-important priority. Fix may not be included in next release.) on Jun 13, 2022
@TimurSadykov self-assigned this on Jun 13, 2022
@TimurSadykov added priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.) and removed priority: p2 (Moderately-important priority. Fix may not be included in next release.) on Aug 12, 2022
@TimurSadykov added priority: p2 (Moderately-important priority. Fix may not be included in next release.) and removed priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.) on Aug 23, 2022
@TimurSadykov
Member Author

The issue is mitigated with additional retries, leaving it at lower priority for a complete refactor later. We want to get rid of hourly public key updates.

@TimurSadykov added priority: p3 (Desirable enhancement or fix. May not be included in next release.) and removed priority: p2 (Moderately-important priority. Fix may not be included in next release.) on Aug 23, 2022
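
One way to combine the ideas raised in this thread (periodic refresh, refresh when a certificate is close to expiry, and retries), so that a failed refresh does not block validation while cached keys are still valid. This is an added example, not the library's code; `PublicKeyCache`, `KeyFetchError`, the `fetch` callable and all default values are hypothetical.

```python
import time

class KeyFetchError(Exception):
    """No unexpired key is available for the requested key ID."""

class PublicKeyCache:
    """Hypothetical cache; fetch() returns {kid: (key, not_after_epoch_seconds)}."""
    def __init__(self, fetch, clock=time.time, max_age=3600,
                 expiry_margin=600, retries=3, backoff=60):
        self.fetch, self.clock = fetch, clock
        self.max_age, self.expiry_margin = max_age, expiry_margin
        self.retries, self.backoff = retries, backoff
        self.keys, self.fetched_at, self.next_attempt = {}, None, 0.0

    def _needs_refresh(self, now):
        if not self.keys or now - self.fetched_at >= self.max_age:
            return True  # periodic trigger (the hourly refresh)
        soonest = min(not_after for _, not_after in self.keys.values())
        return soonest - now <= self.expiry_margin  # expiry-based trigger

    def _refresh(self, now):
        for _ in range(self.retries):
            try:
                fresh = self.fetch()
            except Exception:
                continue  # treat as transient and retry
            if fresh:
                self.keys, self.fetched_at = dict(fresh), now
                return True
        self.next_attempt = now + self.backoff  # do not refetch on every token
        return False

    def get_key(self, kid):
        now = self.clock()
        if self._needs_refresh(now) and now >= self.next_attempt:
            self._refresh(now)  # a failed refresh keeps the cached keys
        entry = self.keys.get(kid)
        if entry is None or entry[1] <= now:  # never trust a key past its expiry
            raise KeyFetchError(f"no unexpired key for kid={kid!r}")
        return entry[0]

if __name__ == "__main__":
    # Constructed sample: a key valid for two hours and an endpoint that goes down.
    def down():
        raise OSError("endpoint unavailable")
    cache = PublicKeyCache(lambda: {"kid-1": ("PEM-PLACEHOLDER", 7200.0)}, clock=lambda: 0.0)
    cache.get_key("kid-1")
    cache.fetch, cache.clock = down, lambda: 3700.0
    print(cache.get_key("kid-1"))  # served from cache after the failed refresh
```

Because expired entries are rejected, a prolonged outage turns into validation failures only once the cached certificates themselves expire.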