Closed travisghansen closed 5 years ago
If you don’t want discovery just instantiate. If you instantiate with the same metadata as would be discovered there’s no downside.
@panva thanks for the quick answer! What's the best approach? Pass the full metadata
attribute in, or pass in explicitly only the attributes that are shown in the README.md
example?
Couple other related questions:
client
details as well?client
(new issuer.Client()
) go over the wire?Pass the full metadata attribute in, or pass in explicitly only some attributes
full metadata
Does building the client (new issuer.Client()) go over the wire?
no
How about retrieved public keys? Are those currently cached at all? Any tips for approaching that one?
They are cached after being fetched when they're needed for a new issuer instance, no tips.
Is your feature request related to a problem? Please describe. No.
Describe the solution you'd like I'm building a relatively unique tool where the issuer/client_id/client_secrets/etc are dynamically consumed. I'd like to cut down on the number of requests going over the wire from executing
Issuer.discover(url)
over and over.Describe alternatives you've considered I've considered cache'ing the metadata on first
discover
and then using those to build up the issuer manually on subsequent invocations usingnew Issuer({cached metadata})
but I'm unclear what the potential downsides of this may be.Additional context I'm developing a tool to easily make openid work with reverse proxies that support 'external' or 'forward' authentication. Primarily focused on kubernetes but tool should work generally. As such I want the configuration extremely dynamic so I'm basically embedding all of the client configuration as a
GET
parameter used in the forward auth URL. The request is made as a sub-request of the reverse proxy to the service I'm working on which then decodes the client details anddiscover
s the issuer all inside a single http request handler (ie: details are thrown away after the request is handled). I'd like to cut down on all the issuer discovery traffic :)https://www.getambassador.io/reference/services/auth-service/