wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Client attestation UI improvement #19239

Open Achintha444 opened 9 months ago

Achintha444 commented 9 months ago

Describe the improvement

When disabling the client attestation from API auth, attestation configurations should not be removed. Once it's enabled back, it should be possible to proceed without re-adding configs.

Same with enabling or disabling app-native API authentication.

Thumimku commented 9 months ago

Here we are checking some attributes before loading the data for that application.

The reasons are:

  1. Retrieving the secret involves an additional DB call.
    • The secret is not stored in the application metadata; it's stored in the secret manager.
    • To retrieve the secret, we first have to check that the secret exists in the secret manager.
    • If there is no secret, this will be a cache miss and cost a DB call.
  2. The above DB call happens every time an application is retrieved.
    • This secret, or the whole attestation metadata, has no dedicated endpoint for CRUD operations; it uses the application REST API.
    • Whenever an application is retrieved from the BE, the above DB call will happen in the backend.
    • Since most of the applications are not going to have this attestation data, removing said check is going to cost several DB calls in a multi-application environment.

Common ground

To achieve the above optimisation without compromising the performance, we can relax the check by checking only for the existence of the Android package for the application, like below.

    // Look up the secret only when an Android package name is set for the application.
    if (StringUtils.isNotEmpty(clientAttestationMetaData.getAndroidPackageName())) {
        clientAttestationMetaData.setAndroidAttestationServiceCredentials(
                getAndroidAttestationServiceCredentials(serviceProvider));
    }

PR: https://github.com/wso2/carbon-identity-framework/pull/5526
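The trade-off discussed in the comment above, as an added example that is not part of the thread or of the WSO2 code base: it counts secret-store lookups while loading 100 applications, of which only one has an Android package name and that one has attestation disabled. The classes `SecretStore` and `App`, the sample values, and the shape of the stricter check (which also requires the enabled flag) are assumptions made for illustration.

```java
import java.util.*;
// Added illustration; every class and method name here is a hypothetical stand-in,
// not WSO2 Identity Server code.
public class AttestationLoadDemo {
    // Stand-in for the secret manager: every lookup counts as one DB call.
    static class SecretStore {
        final Map<String, String> secrets = new HashMap<>();
        int lookups = 0;
        String get(String appId) { lookups++; return secrets.get(appId); }
    }

    static class App {
        final String id; final boolean attestationEnabled; final String androidPackageName;
        String credentials; // populated when the application is loaded
        App(String id, boolean enabled, String pkg) {
            this.id = id; this.attestationEnabled = enabled; this.androidPackageName = pkg;
        }
    }

    // Assumed stricter check: no lookup (and no credentials) while attestation is disabled.
    static void loadStrict(App app, SecretStore store) {
        if (app.attestationEnabled && isNotEmpty(app.androidPackageName)) {
            app.credentials = store.get(app.id);
        }
    }

    // Relaxed check from the comment: the package name alone triggers the lookup.
    static void loadRelaxed(App app, SecretStore store) {
        if (isNotEmpty(app.androidPackageName)) {
            app.credentials = store.get(app.id);
        }
    }

    static boolean isNotEmpty(String s) { return s != null && !s.isEmpty(); }

    public static void main(String[] args) {
        SecretStore store = new SecretStore();
        store.secrets.put("app-1", "constructed-service-credentials");
        // Constructed sample: app-1 is configured but disabled; 99 apps have no attestation data.
        List<App> apps = new ArrayList<>();
        apps.add(new App("app-1", false, "com.example.constructed"));
        for (int i = 2; i <= 100; i++) apps.add(new App("app-" + i, false, null));
        for (App a : apps) loadStrict(a, store);
        System.out.println("strict:  lookups=" + store.lookups + " creds=" + apps.get(0).credentials);
        store.lookups = 0;
        for (App a : apps) loadRelaxed(a, store);
        System.out.println("relaxed: lookups=" + store.lookups + " creds=" + apps.get(0).credentials);
    }
}
```

With no guard at all, the same load would perform one lookup per application, 100 in this sample.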

Achintha444 commented 9 months ago

Other than the above backend improvements, the following can also be done as an improvement on the frontend side: