Open jofleck opened 1 week ago
The commit history of the caching function says that refreshing in the "background" is done intentionally rather than blocking until the keys are refreshed. But this can lead to the misbehavior I mentioned before :)
Maybe we can let the developers decide if the key refreshing should be done blocking or non-blocking?
Checklist
Description
It seems like this library suffers from a small race condition when an IDP uses rolling keys. Under certain circumstances, the validation of a JWT/JWK fails the first time.
Reproduction
Go JWT Middleware version
2.2.1
Go version
1.23
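The behaviour described in this issue, as an added Go example that is not part of the original report and is not the library's code: a simplified, hypothetical cache (`KeyCache`, `HasKey` and `Rotate` are assumed names, and the key IDs are constructed) that answers from its stale key set while refreshing in the background, next to a blocking mode that refreshes before answering.

```go
package main

import "fmt"
import "sync"

// KeyCache is a simplified, hypothetical model of a JWKS cache (not the library's type).
type KeyCache struct {
	mu              sync.Mutex
	kids            map[string]bool        // cached key IDs
	stale, blocking bool                   // TTL elapsed; refresh before answering
	fetch           func() map[string]bool // key IDs the IdP publishes right now
	bg              sync.WaitGroup         // in-flight background refreshes
}

func (c *KeyCache) refresh() {
	kids := c.fetch()
	c.mu.Lock()
	c.kids, c.stale = kids, false
	c.mu.Unlock()
}

// HasKey reports whether this call can verify a token signed with kid.
func (c *KeyCache) HasKey(kid string) bool {
	c.mu.Lock()
	known, stale := c.kids[kid], c.stale
	c.mu.Unlock()
	switch {
	case stale && c.blocking:
		c.refresh()
		return c.HasKey(kid) // answered from the fresh key set
	case stale:
		c.bg.Add(1)
		go func() { defer c.bg.Done(); c.refresh() }()
	}
	return known // background mode: answered from the stale key set
}

func Rotate(blocking bool) (first, second bool) {
	published := map[string]bool{"kid-old": true} // constructed key IDs
	c := &KeyCache{kids: published, blocking: blocking, fetch: func() map[string]bool { return published }}
	published, c.stale = map[string]bool{"kid-new": true}, true // IdP rolls its key, cache TTL elapses
	first = c.HasKey("kid-new")                                 // first token signed with the new key
	c.bg.Wait()                                                 // let any background refresh finish
	return first, c.HasKey("kid-new")
}

func main() {
	fmt.Println(Rotate(false)) // false true
	fmt.Println(Rotate(true))  // true true
}
```

In background mode only the first lookup after rotation fails, which matches the "fails the first time" symptom; the blocking mode trades that failure for added latency on the request that triggers the refresh.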