kenjenkins
commented
3 months ago Per Caleb: it looks like we do honor the rate limit headers.
Closed calebdoxsey closed 2 months ago
kenjenkins
commented
3 months ago Per Caleb: it looks like we do honor the rate limit headers.
calderonth
commented
3 months ago I'm still seeing constant sync errors though.
On Mon, 24 Jun 2024, 17:56 Kenneth Jenkins, @.***> wrote:
Per Caleb: it looks like we do honor the rate limit headers.
— Reply to this email directly, view it on GitHub https://github.com/pomerium/datasource/issues/341#issuecomment-2187012142, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAF3DVXNZ3GN55O664VUJBLZJBFTJAVCNFSM6AAAAABJSGOR3OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBXGAYTEMJUGI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
calebdoxsey
commented
3 months ago In testing I do see that the rate limiting code appears to function as intended. However I uncovered another issue: #342.
calebdoxsey
commented
2 months ago I believe the sync issues were due to the code always doing a full re-sync. The Okta identity provider has been rewritten to use the Okta SDK and should only be syncing changes now.
What happened?
Okta API requests sometimes return
429errors:What did you expect to happen?
Okta returns rate limits in API response headers: https://developer.okta.com/docs/reference/rl-best-practices
X-Rate-Limit-Limit- the rate limit ceiling that is applicable for the current request.X-Rate-Limit-Remaining- the number of requests left for the current rate-limit window.X-Rate-Limit-Reset- the time at which the rate limit resets, specified in UTC epoch time (in seconds).We should be able to retry the request intelligently based on these headers.
Additional context
We should also investigate if there's a way to make less calls to the API to get the same membership data.