Enhancement #27115

closed

Add a cache for OIDC validation request

Added by François ARMAND 2 months ago. Updated about 1 month ago.

Status: Released
Priority: N/A
Name check: To do
Fix check: Checked
Regression: No

Description

We need to have the possibility to configure a (short) cache for OIDC opaque token validation requests.

The idea is that API requests can happen in bursts, and you don't want to validate the same token 1000 times in a couple of seconds, which is a sure path towards DoS.

Both valid and invalid tokens should be cached.
For valid tokens, the cache must not go beyond the token expiration date.

The cache should be short, not more than a couple of minutes. A warning should be displayed in the log if the time is too long, and an error logged for an even longer duration.

This is not some kind of "remember me" feature, it really is a session-less cache for opaque token only.
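
A minimal Python sketch of the cache this ticket describes, added here as an illustration and not Rudder's implementation: it caches both valid and invalid results, caps a valid entry at the token's expiration, and logs when the configured duration is too long. The class and function names, the 120 s and 600 s thresholds, the entry bound and the SHA-256 keying are all assumptions, since the ticket specifies none of them.

```python
import hashlib
import logging
import time
from dataclasses import dataclass
from typing import Callable, Optional

log = logging.getLogger("oidc.token_cache")
# Assumed thresholds: the ticket asks for a warning, then an error, but gives no numbers.
WARN_TTL_S, ERROR_TTL_S = 120, 600


@dataclass(frozen=True)
class Validation:
    active: bool                 # result reported by the identity provider
    exp: Optional[float] = None  # token expiration (epoch seconds), if known


class TokenValidationCache:
    def __init__(self, validate: Callable[[str], Validation], ttl_s: float,
                 max_entries: int = 10_000, clock: Callable[[], float] = time.time):
        if ttl_s > ERROR_TTL_S:
            log.error("token cache TTL %ss is far too long (> %ss)", ttl_s, ERROR_TTL_S)
        elif ttl_s > WARN_TTL_S:
            log.warning("token cache TTL %ss is long (> %ss)", ttl_s, WARN_TTL_S)
        self._validate, self._ttl, self._clock = validate, ttl_s, clock
        self._max, self._entries = max_entries, {}

    def check(self, token: str) -> Validation:
        # Key on a digest so the cache never stores the bearer token itself.
        key = hashlib.sha256(token.encode()).hexdigest()
        now = self._clock()
        hit = self._entries.get(key)
        if hit is not None and now < hit[0]:
            return hit[1]                       # valid or invalid, served from cache
        result = self._validate(token)          # one round trip to the provider
        expires = now + self._ttl
        if result.active and result.exp is not None:
            expires = min(expires, result.exp)  # never outlive the token
        if len(self._entries) >= self._max:     # invalid tokens are cached too: bound memory
            self._entries = {k: v for k, v in self._entries.items() if v[0] > now}
        if len(self._entries) >= self._max:
            self._entries.clear()
        if expires > now:
            self._entries[key] = (expires, result)
        return result
```

The cache holds no session state: an entry only short-circuits a repeated validation of the same token and disappears when its lifetime ends.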


Related issues: 1 (0 open, 1 closed)

Related to Rudder - Enhancement #27102: OAuth2 documentation needs a quick start guide for tokens (Resolved, Clark ANDRIANASOLO)