Actions
Enhancement #27115
open
Add a cache for OIDC validation request
Effort required:
Name check:
To do
Fix check:
Checked
Regression:
No
Description
We need to have the possibility to configure a (short) cache for OIDC opaque token validation request.
The idea is that API request can happen in burst, and you don't want to validate the same token 1000 times in a couple seconds, which is a sure path towards DoS.
Both valid and invalid token should be cache.
For valid token, the cache must not go beyond token expiration date.
The cache should be short, not more than a couple of minute. A warning should be displayed in log if the time is too long, and log an error in even longer duration.
This is not some kind of "remember me" feature, it really is a session-less cache for opaque token only.
Updated by François ARMAND 22 days ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Clark ANDRIANASOLO
- Pull Request set to https://github.com/Normation/rudder-plugins/pull/857
Updated by Anonymous 21 days ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder:rudder-plugins|73d39db8b725bc914408e5f46df4ab7a99fdb979.
Updated by François ARMAND 20 days ago
- Related to Enhancement #27102: OAuth2 documentation needs a quick start guide for tokens added
Actions