Enhancement #27115
Closed
Add a cache for OIDC validation request
Description
We need to have the possibility to configure a (short) cache for OIDC opaque token validation requests.
The idea is that API requests can happen in bursts, and you don't want to validate the same token 1000 times in a couple of seconds, which is a sure path towards DoS.
Both valid and invalid tokens should be cached.
For valid tokens, the cache must not go beyond the token expiration date.
The cache should be short, not more than a couple of minutes. A warning should be displayed in the log if the time is too long, and an error logged for even longer durations.
This is not some kind of "remember me" feature, it really is a session-less cache for opaque tokens only.
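A sketch of the cache described above, added here as an illustration and not taken from the Rudder plugin or its pull request. The class and function names, the two TTL thresholds, and the `{"active", "exp"}` response shape (borrowed from RFC 7662 token introspection) are assumptions.

```python
import hashlib
import logging
import time

log = logging.getLogger("oidc-token-cache")
WARN_TTL_S = 120   # assumed reading of "a couple of minutes"
ERROR_TTL_S = 600  # assumed threshold for "even longer"

class IntrospectionCache:
    """Session-less cache of opaque-token validation results."""

    def __init__(self, introspect, ttl_s, clock=time.time):
        # introspect(token) -> {"active": bool, "exp": epoch seconds}, as in RFC 7662
        if ttl_s > ERROR_TTL_S:
            log.error("token cache TTL of %ss is far too long", ttl_s)
        elif ttl_s > WARN_TTL_S:
            log.warning("token cache TTL of %ss is longer than advised", ttl_s)
        self._introspect, self._ttl_s, self._clock = introspect, ttl_s, clock
        self._entries = {}  # sha256(token) -> (result, cached_until)

    def validate(self, token):
        now = self._clock()
        key = hashlib.sha256(token.encode()).hexdigest()  # no raw tokens kept as keys
        hit = self._entries.get(key)
        if hit and now < hit[1]:
            return hit[0]
        # Miss: drop stale entries so rejected tokens cannot pile up forever.
        self._entries = {k: v for k, v in self._entries.items() if now < v[1]}
        result = self._introspect(token)
        cached_until = now + self._ttl_s
        if result.get("active") and "exp" in result:
            cached_until = min(cached_until, result["exp"])  # never outlive the token
        if cached_until > now:
            self._entries[key] = (result, cached_until)
        return result

def demo_burst(n=1000):
    """Constructed scenario: n requests carrying the same token hit the IdP once."""
    calls = []
    def fake_idp(token):  # stands in for the provider's validation endpoint
        calls.append(token)
        return {"active": token == "good", "exp": time.time() + 3600}
    cache = IntrospectionCache(fake_idp, ttl_s=30)
    results = [cache.validate("good")["active"] for _ in range(n)]
    return len(calls), all(results)
```

A short TTL also bounds how long a token revoked at the provider keeps being accepted from the cache, which is why the thresholds are checked at construction time.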
Updated by François ARMAND about 1 month ago
- Status changed from New to In progress
Updated by François ARMAND about 1 month ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Clark ANDRIANASOLO
- Pull Request set to https://github.com/Normation/rudder-plugins/pull/857
Updated by Anonymous about 1 month ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder:rudder-plugins|73d39db8b725bc914408e5f46df4ab7a99fdb979.
Updated by François ARMAND about 1 month ago
- Related to Enhancement #27102: OAuth2 documentation needs a quick start guide for tokens added
Updated by Félix DALLIDET 13 days ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder plugin auth-backends v8.3.3-2.7