ec6798678c
The OIDC authenticator typically makes two outgoing web requests in order to fetch keys. The first is if the Zuul admin has not configured a keys_url setting (which is the typical case); Zuul will fetch the well-known configuration for the provider and get the keys_url from that in order to configure the client. Then the client will fetch the actual keys on request. To avoid performing these requests on every web request we receive with a token, we will store the JWT client on the Authenticator instance. The JWT client has an internal cache for the key set, so in the typical case, only the first authenticated request will trigger these requests. The JWT cache manages its own expiration time, so it will update as necessary. The keys_url is not typically expected to change, so once we initialize the client with it, we won't update it again. Change-Id: Ibbce7c8c90f9ccbfdcf41d6635162681a8fe3319 |
||
---|---|---|
.. | ||
__init__.py | ||
jwt.py |