michael-genson
commented
4 months ago I considered switching the lru cache to a TTL cache from cachetools
I wouldn't mind adding this dependency, I've used it in other projects and it's well-maintained. However, it's also reasonably simple to implement a TTL cache with lru_cache, from https://stackoverflow.com/a/55900800:
def get_ttl_hash(seconds=3600):
return time.time() // seconds
@lru_cache
@staticmethod
def get_jwks(ttl_hash=None) -> KeySet | None:
"""Get the key set from the open id configuration"""
del ttl_hash # this is unused, its purpose is to bust the lru cache
...
jwks = get_jwks(ttl_hash=get_ttl_hash())Or, if you don't think it's that important to cache, I'm happy with the PR as-is. Just wanted to provide some options.
cmintey
What type of PR is this?
What this PR does / why we need it:
We currently cache the output from getting the JSON Web Key Set (JWKS) from a user's OIDC configuration indefinitely. This causes login issues when the key set is rotated and the key set that is cached is no longer valid. This PR just removed the caching on the method, which should be fine since the requests shouldn't be very heavy or that frequent.
Which issue(s) this PR fixes:
Fixes #3562
Special notes for your reviewer:
I considered switching the lru cache to a TTL cache from cachetools, but didn't see one built in and didn't want to add another dependency to the project
Testing
Manually and E2E