workos / workos-ruby

Official Ruby SDK for interacting with the WorkOS API
https://workos.com/docs/sdk/ruby
MIT License

Cache Remote JWKS Fetch #334

Open danielduan opened 1 week ago

danielduan commented 1 week ago

In the Ruby SDK, WorkOS::UserManagement.load_sealed_session seems to fetch the remote JWKS on every load, adding about 100ms to each authenticated request.

We use Rails and for every authenticated request, we call authorize_request which does the following:

session = WorkOS::UserManagement.load_sealed_session
result = session.authenticate
@user = result[:user]

After implementing WorkOS, we realized all of our authenticated endpoints now take 100ms longer on the backend. It took some digging through our Sentry profiles to find that create_remote_jwk_set was called repeatedly: https://github.com/workos/workos-ruby/blob/8c401c2774be8fb073ba8334222ca06edd52d7a0/lib/workos/session.rb#L26

We host our services on Render.com on GCP's oregon-1 region.

Please advise if there is a better way to authenticate the token or if improvements can be made to the SDK. Thanks!

PaulAsjes commented 1 week ago

I see the problem, I think we should be able to move that to when you initialize the SDK instead of on every session load. Will look into fixing this soon.

danielduan commented 6 days ago

> I see the problem, I think we should be able to move that to when you initialize the SDK instead of on every session load. Will look into fixing this soon.

Thanks for looking into this! Would appreciate it if you can prioritize this for us.
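
An added illustration of the caching discussed in this thread, not code from the WorkOS SDK or from either commenter: a process-wide JWKS cache that fetches once, trusts the key set for a TTL, and refetches on an unknown `kid` (key rotation) no more than once per `min_refetch` seconds, so tokens carrying random `kid` values cannot force a remote fetch per request. `CachedJwks`, `fetcher`, `clock` and the sample key set are hypothetical names and constructed data; the fetcher stands in for whatever call retrieves the remote JWKS.

```ruby
# Added example (not WorkOS SDK code). All names here are hypothetical.
class CachedJwks
  def initialize(fetcher:, ttl: 3600, min_refetch: 60,
                 clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @fetcher = fetcher          # callable returning {"keys" => [{...}, ...]}
    @ttl = ttl                  # seconds a fetched key set stays trusted
    @min_refetch = min_refetch  # floor between fetches forced by unknown kids
    @clock = clock              # injectable so the expiry logic can be tested
    @lock = Mutex.new           # one fetch at a time across request threads
    @keys = {}                  # kid => JWK hash
    @fetched_at = nil
  end

  # Returns the JWK for +kid+, or nil if the issuer does not publish it.
  # Fetch errors propagate, so verification fails closed.
  def key_for(kid)
    @lock.synchronize do
      refresh! if @fetched_at.nil? || age >= @ttl
      # Unknown kid: the issuer may have rotated keys. Refetch, but rate-limit
      # it so attacker-chosen kids cannot trigger a fetch on every request.
      refresh! if !@keys.key?(kid) && age >= @min_refetch
      @keys[kid]
    end
  end

  private

  def age
    @clock.call - @fetched_at
  end

  def refresh!
    @keys = @fetcher.call.fetch("keys").to_h { |jwk| [jwk.fetch("kid"), jwk] }
    @fetched_at = @clock.call
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample key set standing in for the remote JWKS endpoint.
  sample = { "keys" => [{ "kid" => "key_1", "kty" => "RSA" }] }
  fetches = 0
  demo = CachedJwks.new(fetcher: -> { fetches += 1; sample })
  1000.times { demo.key_for("key_1") }
  puts "1000 lookups, #{fetches} remote fetch(es)"
end
```

The TTL is also the upper bound on how long a key withdrawn by the issuer keeps being accepted, so it should be chosen with that in mind rather than only for latency.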