[Bug] Many 'concurrent' getAuthHeader() calls cause 429 response from IAM #12

Closed
ASEIDEL77 opened this issue Oct 6, 2020 · 1 comment
Labels
bug Something isn't working

Comments

@ASEIDEL77
Contributor

The OpenWhisk SDK uses the iam-token-manager package to plug in IAM token support as the default authHandler for openwhisk client instances that interact with IAM namespaces.

When customers try to invoke many actions from one other action, they inadvertently trigger a lot of getAuthHeader() calls on the iam-token-manager 'concurrently'. The word 'concurrently' is in quotation marks, as Node.js is single-threaded, yet while the getToken() request is in-flight, all the other getAuthHeader() calls trigger many more (unnecessary) getToken() requests.

This leads to a 429 'Too Many Requests' Denial of Service protection error from the IAM token API.

Therefore, the caching behavior for the tokenInfo (Token Request response JSON) and the logic for when to request another token need to be improved.

For simple scenarios, the code is working just fine, so this issue could be considered an enhancement as well.

FYI: I have some code that addresses this issue ready soon.

@ASEIDEL77 ASEIDEL77 added the bug Something isn't working label Oct 6, 2020
@ASEIDEL77
Contributor Author

The code is here: https://github.com/ASEIDEL77/iam-token-manager-nodejs/tree/12_Enhance_tokenInfo_Caching_Behavior Still needs to be tested and verified. I'll open a PR once that is done.
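
The caching behavior the issue asks for, as an added example that is not the contributor's branch or the iam-token-manager code: a single-flight cache in which every getAuthHeader() call that arrives while a token request is pending shares that request's promise. The class name, `fetchToken`, `refreshSkewMs`, the `access_token`/`expires_in` field names and the fake token endpoint are assumptions made for illustration.

```javascript
// Added example; `fetchToken` is a hypothetical stand-in for the IAM token request.
class SingleFlightTokenCache {
  constructor(fetchToken, { refreshSkewMs = 60000, now = Date.now } = {}) {
    this.fetchToken = fetchToken; // () => Promise<{ access_token, expires_in }>
    this.refreshSkewMs = refreshSkewMs; // refresh this long before expiry
    this.now = now;
    this.tokenInfo = null; // last successful token response
    this.expiresAtMs = 0;
    this.inFlight = null; // promise shared by callers while a request is pending
  }

  getToken() {
    // Cached token is still comfortably valid: no request at all.
    if (this.tokenInfo && this.now() < this.expiresAtMs - this.refreshSkewMs) {
      return Promise.resolve(this.tokenInfo.access_token);
    }
    // A request is already pending: join it instead of starting another.
    if (this.inFlight) return this.inFlight;
    const startedAt = this.now();
    // Everything up to the assignment is synchronous, so no caller can interleave.
    this.inFlight = new Promise((resolve) => resolve(this.fetchToken()))
      .then((info) => {
        this.tokenInfo = info;
        this.expiresAtMs = startedAt + info.expires_in * 1000;
        return info.access_token;
      })
      // Clear on success and on failure, so an error is never cached.
      .finally(() => { this.inFlight = null; });
    return this.inFlight;
  }

  getAuthHeader() {
    return this.getToken().then((token) => `Bearer ${token}`);
  }
}

// Constructed fake token endpoint that counts the requests it receives.
function makeFakeIam(delayMs = 10) {
  const stats = { requests: 0 };
  const fetchToken = () => new Promise((resolve) => {
    stats.requests += 1;
    const info = { access_token: `constructed-token-${stats.requests}`, expires_in: 3600 };
    setTimeout(() => resolve(info), delayMs);
  });
  return { stats, fetchToken };
}
const demoIam = makeFakeIam();
const demoCache = new SingleFlightTokenCache(demoIam.fetchToken);
Promise.all(Array.from({ length: 50 }, () => demoCache.getAuthHeader()))
  .then(() => console.log('token requests for 50 calls:', demoIam.stats.requests));
```

Because a failed request clears `inFlight` without populating the cache, the next caller retries; a client that sees repeated failures should add backoff on top of this so retries do not recreate the 429 condition.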
