Closed calebdoxsey closed 2 months ago
Per Caleb: it looks like we do honor the rate limit headers.
I'm still seeing constant sync errors though.
On Mon, 24 Jun 2024, 17:56 Kenneth Jenkins, @.***> wrote:
Per Caleb: it looks like we do honor the rate limit headers.
— Reply to this email directly, view it on GitHub https://github.com/pomerium/datasource/issues/341#issuecomment-2187012142, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAF3DVXNZ3GN55O664VUJBLZJBFTJAVCNFSM6AAAAABJSGOR3OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBXGAYTEMJUGI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
In testing I do see that the rate limiting code appears to function as intended. However I uncovered another issue: #342.
I believe the sync issues were due to the code always doing a full re-sync. The Okta identity provider has been rewritten to use the Okta SDK and should only be syncing changes now.
What happened?
Okta API requests sometimes return
429
errors:What did you expect to happen?
Okta returns rate limits in API response headers: https://developer.okta.com/docs/reference/rl-best-practices
X-Rate-Limit-Limit
- the rate limit ceiling that is applicable for the current request.X-Rate-Limit-Remaining
- the number of requests left for the current rate-limit window.X-Rate-Limit-Reset
- the time at which the rate limit resets, specified in UTC epoch time (in seconds).We should be able to retry the request intelligently based on these headers.
Additional context
We should also investigate if there's a way to make less calls to the API to get the same membership data.