Project

General

Profile

Actions
Copy link

Enhancement #27115

open

Add a cache for OIDC validation request

Added by François ARMAND 1 day ago. Updated about 23 hours ago.

Status:
Pending release
Priority:
N/A
Assignee:
Clark ANDRIANASOLO
Target version:
Rudder plugins - 8.3
Pull Request:
https://github.com/Normation/rudder-p...
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

We need to have the possibility to configure a (short) cache for OIDC opaque token validation request.

The idea is that API request can happen in burst, and you don't want to validate the same token 1000 times in a couple seconds, which is a sure path towards DoS.

Both valid and invalid token should be cache.
For valid token, the cache must not go beyond token expiration date.

The cache should be short, not more than a couple of minute. A warning should be displayed in log if the time is too long, and log an error in even longer duration.

This is not some kind of "remember me" feature, it really is a session-less cache for opaque token only.

Actions
Copy link
 #1

Updated by François ARMAND 1 day ago

  • Status changed from New to In progress
Actions
Copy link
 #2

Updated by François ARMAND 1 day ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Clark ANDRIANASOLO
  • Pull Request set to https://github.com/Normation/rudder-plugins/pull/857
Actions
Copy link
 #3

Updated by Anonymous about 23 hours ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link

Also available in: Atom PDF