Skip to content

JwtDecoders and NimbusJwtDecoder should use the same JWKSource #10312

New issue
New issue
Closed
Closed
JwtDecoders and NimbusJwtDecoder should use the same JWKSource#10312
Assignees
jzheaux
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
Milestone
5.6.0-RC1
@jzheaux

Description

@jzheaux
jzheaux
opened on Sep 22, 2021

Related to #9991

JwtDecoders and ReactiveJwtDecoders instantiate a RemoteJWKSet in order to discover reasonable defaults for the JWS algorithms a resource server should accept. NimbusJwtDecoder and NimbusReactiveJwtDecoder both instantiate a JWK source as well in order to collect the keys needed to verify JWT signatures.

It would be nice if these shared the same instance. If so, then once JwtDecoders makes a query for the JWK Set, it's already cached for future decode requests.

This is especially nice with the introduction of SupplierJwtDecoder, which lazily loads the NimbusJwtDecoder. Without this proposed optimization, using SupplierJwtDecoder and JwtDecoders together would mean that the first decode request would experience three HTTP calls instead of two.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions