OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

Liberty obtains the exact same OIDC client metadata from DB many times #14184

Open jensengelke opened 4 years ago

jensengelke commented 4 years ago

Describe the bug: When openidConnectServer is configured and Liberty manages one or many OIDC clients, requests for authentication or token validation frequently query the exact same information from the OIDC database.

Steps to Reproduce: Configure an OIDC RP and invoke an authorization code or implicit flow login flow. Observe the queries sent to the OIDC database by the OIDC OP.

Expected behavior: It should be possible to cache client information for a configurable time. Typically, OIDC client registrations change infrequently. MAYBE, a client is deleted or updated with a different set of redirect URLs. A slight delay in this change becoming active appears acceptable.

Diagnostic information:

Emily-Jiang commented 4 years ago

@teddyjtorres @ayoho can you take a look, please?

teddyjtorres commented 4 years ago

This is a feature update, not a bug.

chunlongliang-ibm commented 4 years ago

In a single login, we should avoid calling the database multiple times to fetch the same client metadata. We should investigate if there is a db call that could be avoided, for example, whether in a code path we repeatedly call the db or not, and whether those duplications could be easily removed.

teddyjtorres commented 4 years ago

I agree we should look into minimizing the lookups along with the side effects of this enhancement request.
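
The behaviour requested in this issue, sketched as an added example (not Open Liberty code and not written by anyone in this thread): a cache with a configurable TTL in front of the client lookup, so repeated lookups in one login cost a single query, while the TTL bounds how long a deleted client or an outdated redirect URL can still be honoured. All class, record and method names are hypothetical, the `db` map stands in for the OIDC database, and the sample client is constructed.

```java
import java.time.Duration;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.*;

// Hypothetical names; not Open Liberty's client provider API.
public class ClientMetadataCacheDemo {
    record Client(String clientId, List<String> redirectUris) {}
    record Entry(Client client, long loadedAt) {}

    static class TtlClientCache {
        private final Map<String, Entry> entries = new ConcurrentHashMap<>();
        private final Function<String, Client> loader; // stands in for the DB query
        private final long ttlNanos;
        private final LongSupplier clock;               // injectable so expiry can be shown
        TtlClientCache(Function<String, Client> loader, Duration ttl, LongSupplier clock) {
            this.loader = loader;
            this.ttlNanos = ttl.toNanos();
            this.clock = clock;
        }

        Client get(String clientId) {
            long now = clock.getAsLong();
            Entry e = entries.compute(clientId, (id, old) -> {
                if (old != null && now - old.loadedAt() < ttlNanos) return old; // still fresh
                Client c = loader.apply(id);
                return c == null ? null : new Entry(c, now); // deleted or unknown: drop entry
            });
            return e == null ? null : e.client();
        }

        // Call from the registration update/delete path so local changes apply at once.
        void invalidate(String clientId) { entries.remove(clientId); }
    }

    public static void main(String[] args) {
        Map<String, Client> db = new ConcurrentHashMap<>(); // constructed sample data
        db.put("rp1", new Client("rp1", List.of("https://rp.example/callback")));
        AtomicInteger queries = new AtomicInteger();
        long[] now = {0};
        TtlClientCache cache = new TtlClientCache(
            id -> { queries.incrementAndGet(); return db.get(id); },
            Duration.ofSeconds(60), () -> now[0]);
        for (int i = 0; i < 5; i++) cache.get("rp1");       // lookups during one login
        System.out.println("DB queries: " + queries.get());
        db.remove("rp1");                                   // client deleted elsewhere
        System.out.println("served while stale: " + (cache.get("rp1") != null));
        now[0] += Duration.ofSeconds(61).toNanos();
        System.out.println("served after TTL: " + (cache.get("rp1") != null));
    }
}
```

The TTL is the longest period a revoked registration stays usable on a node that did not see the change, so it should be chosen with client deletion and redirect URL removal in mind rather than query volume alone.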