Skip to content

Provided uncached way to use (Reactive)OidcIdTokenDecoderFactory #16647

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Provided uncached way to use (Reactive)OidcIdTokenDecoderFactory #16647

wants to merge 1 commit into from

Conversation

iigolovko
Copy link

@iigolovko iigolovko commented Feb 25, 2025
edited
Loading

Hello.

Sorry for ignoring issue creating.

If ClientRegistration is managed by db, it's unreal to update jwsAlgorithm or jwksUri without restarting the app.

So I added possibility not to use ConcurrentHashMap on decoder creation to build new one everytime. It will be useful in some multi-integration cases.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 25, 2025
@franticticktick
Copy link
Contributor

Hey @iigolovko thanks for your valuable suggestion, but it would be better to create a ticket for this feature. It is quite possible that as a result of discussion we will find another solution if necessary.

@iigolovko iigolovko mentioned this pull request Feb 26, 2025
Open
@mipo256
Copy link

mipo256 commented Apr 11, 2025
edited
Loading

fixes #16655

@orchestr7
Copy link

Hey @iigolovko thanks for your valuable suggestion, but it would be better to create a ticket for this feature. It is quite possible that as a result of discussion we will find another solution if necessary.

Looks like #16655 affects a lot. Any chance that can be reviewed and handled somehow? @franticticktick

mipo256
mipo256 reviewed Apr 11, 2025
View reviewed changes
...rg/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -78,7 +79,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client

private static final ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER = createDefaultClaimTypeConverter();

private final Map<String, JwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
private final Map<String, JwtDecoder> jwtDecoders;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My 2 cents.

I think that caching in general is a functionality that needs to be extracted from here. Maybe the core maintainers can consider introducing the CachingOidcIdTokenDecoderFactory that extend OidcIdTokenDecoderFactory and adds caching functionality. Or the alternative solution via decorator/caching delegate is better.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mipo256 mipo256 mipo256 left review comments

Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@iigolovko @franticticktick @mipo256 @orchestr7 @spring-projects-issues