Open vvavepacket opened 3 years ago
I've noticed this too. At scale, this also puts unnecessary pressure on the resource server.
Looking at this project's activity, I doubt this will be fixed.
This said, depending on why introspection is used, caching might be a bad idea as revoked tokens wouldn't be revoked at the gateway. So in that case, if this is implemented, there would need to be configurability around caching duration.
On top of this, why is introspection mandatory for this plugin? In some cases, the additional step to further validate the token and get additional user-info is not required.
Guys, i'm a bit late, but hope it helps:
This plugin uses the https://github.com/zmartzone/lua-resty-openidc project, so to enable cache just set a dictionary for lua The configuration "lua_shared_dict introspection 10m;" do this... If you're using kong on docker, like me, you can do this by adding this environment variable:
KONG_NGINX_HTTP_LUA_SHARED_DICT=introspection 1m
Just adding that and I've got 78% more requests per seconds on my setup here
cheers!
Does this kong oidc plugin support caching by default? If I dont specify anything in the config, whats the default caching behavior? I noticed its querying the introspection endpoint to check for validity of my accesstoken everytime I make a request, it adds up a significant latency
The readme says it supports caching via memcache, redis but it doesn't say how to configure it