You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The OpenWhisk SDK uses the iam-token-manager package to plug in IAM token support as the default authHandler for openwhisk client instances that interact with IAM namespaces.
When customers try to invoke many actions from one other action, they inadvertently trigger a lot of getAuthHeader() calls on the iam-token-manager 'concurrently'. The word 'concurrently' is in quotation marks, as nodejs is single threaded, yet while the getToken() request is in-flight, all the other getAuthHeader() calls trigger many more (unnecessary) getToken() requests.
This leads to a 429 'Too many request' Denial of Service protection error from the IAM token API.
Therefore, the caching behavior for the tokenInfo (Token Request response JSON) and the logic for when to request another token needs to be improved.
For simple scenarios, the code is working just fine, so this issue could be considered an enhancement as well.
Fyi: I have some code that addresses this issue ready soon.
The text was updated successfully, but these errors were encountered:
The OpenWhisk SDK uses the iam-token-manager package to plug in IAM token support as the default authHandler for openwhisk client instances that interact with IAM namespaces.
When customers try to invoke many actions from one other action, they inadvertently trigger a lot of getAuthHeader() calls on the iam-token-manager 'concurrently'. The word 'concurrently' is in quotation marks, as nodejs is single threaded, yet while the getToken() request is in-flight, all the other getAuthHeader() calls trigger many more (unnecessary) getToken() requests.
This leads to a 429 'Too many request' Denial of Service protection error from the IAM token API.
Therefore, the caching behavior for the tokenInfo (Token Request response JSON) and the logic for when to request another token needs to be improved.
For simple scenarios, the code is working just fine, so this issue could be considered an enhancement as well.
Fyi: I have some code that addresses this issue ready soon.
The text was updated successfully, but these errors were encountered: