carrier thread be suspended by synchronized in RemoteJWKSet

[me0106]

RemoteJWKSet use synchronized for synchronization. But this will suspend the carrier thread. In some specific situations, it may cause the server to hang:

single carrier thread.(Single core CPU). And call itself to retrieve jwk.

RemoteJWKSet is deprecated. Should we replace it with JwkSourceBuilder?

SpringBoot: 3.3.1 Java: Temurin-21.0.4+7

[rwinch]

Thank you for the report. Would you be interested in submitting a pull request to replace RemoteJWKSet?

[franticticktick]

Hi @rwinch, in this issue we need to replace the old jose api with a new one. This is not a very simple issue, for example JWKSetCache is now deprecated, and it is needed for JwkSourceBuilder. I can think about how to solve this issue.