Improve public key fetching for IdTokenVerifier #930
Labels
priority: p3
Desirable enhancement or fix. May not be included in next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Current implementation of the public key fetching does refresh public keys every hour. If public certs refresh fails during refresh - ID token validation is blocked until refresh succeeds. Normally we expect that to be rare and transient, but we want to try to avoid it altogether.
Alternative solution is to check certificate field for expiration date and refresh when the date is close. Potentially we want to consider a combination of two.
The text was updated successfully, but these errors were encountered: