metadata: fix caching of JWKs from jwks_uri
when using the default expiry setting (i.e. not using
OIDCJWKSRefreshInterval) and avoid fetching JWKs from the jwks_uri for
each user login; also addresses Redis cache error entries in the log [ERR
invalid expire time in 'setex' command]

Signed-off-by: Hans Zandbelt <[email protected]>
zandbelt committed Dec 5, 2024
1 parent a1dc976 commit c8c86aa
Showing 4 changed files with 12 additions and 1 deletion.
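--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+12/05/2024
+- metadata: fix caching of JWKs from jwks_uri when using the default expiry setting (i.e. not using OIDCJWKSRefreshInterval)
+and avoid fetching JWKs from the jwks_uri for each user login; also addresses Redis cache
+error entries the log [ERR invalid expire time in 'setex' command]
+
 11/21/2024
 - add option to set local address for outgoing HTTP requests; see #1283; thanks @studersi
 using e.g. SetEnvIfExpr true OIDC_CURL_INTERFACE=192.168.10.2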
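--- a/src/cfg/provider.c
+++ b/src/cfg/provider.c
@@ -478,6 +478,11 @@ const char *oidc_cmd_provider_jwks_uri_refresh_interval_set(cmd_parms *cmd, void
 return OIDC_CONFIG_DIR_RV(cmd, rv);
 }
 
+int oidc_cfg_jwks_uri_refresh_interval_get(const oidc_jwks_uri_t *jwks_uri) {
+return jwks_uri->refresh_interval != OIDC_CONFIG_POS_INT_UNSET ? jwks_uri->refresh_interval
+: OIDC_DEFAULT_JWKS_REFRESH_INTERVAL;
+}
+
 int oidc_cfg_provider_jwks_uri_refresh_interval_get(oidc_provider_t *provider) {
 return provider->jwks_uri.refresh_interval != OIDC_CONFIG_POS_INT_UNSET ? provider->jwks_uri.refresh_interval
 : OIDC_DEFAULT_JWKS_REFRESH_INTERVAL;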
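Review bot: The new `oidc_cfg_jwks_uri_refresh_interval_get` repeats the unset-to-default expression of `oidc_cfg_provider_jwks_uri_refresh_interval_get` directly below it, so the two copies can drift apart again the way the direct field read in metadata.c did. Assuming `provider->jwks_uri` is an `oidc_jwks_uri_t`, the provider getter could delegate with `return oidc_cfg_jwks_uri_refresh_interval_get(&provider->jwks_uri);` (its body continues outside the hunk). A short comment on the new function would also help the next caller, e.g. `/* use this instead of jwks_uri->refresh_interval: the field holds OIDC_CONFIG_POS_INT_UNSET when OIDCJWKSRefreshInterval is not configured */`.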
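--- a/src/cfg/provider.h
+++ b/src/cfg/provider.h
@@ -227,6 +227,7 @@ OIDC_CFG_PROVIDER_MEMBER_FUNCS_KEYS_DECL(client_keys)
 
 // ints
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(jwks_uri_refresh_interval)
+int oidc_cfg_jwks_uri_refresh_interval_get(const oidc_jwks_uri_t *jwks_uri);
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(backchannel_logout_supported)
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(ssl_validate_server)
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(validate_issuer)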
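--- a/src/metadata.c
+++ b/src/metadata.c
@@ -684,7 +684,7 @@ static apr_byte_t oidc_metadata_jwks_retrieve_and_cache(request_rec *r, oidc_cfg
 
 /* store the JWKs in the cache */
 oidc_cache_set_jwks(r, oidc_metadata_jwks_cache_key(jwks_uri), response,
-apr_time_now() + apr_time_from_sec(jwks_uri->refresh_interval));
+apr_time_now() + apr_time_from_sec(oidc_cfg_jwks_uri_refresh_interval_get(jwks_uri)));
 
 return TRUE;
 }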
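Review bot: The result of `oidc_cache_set_jwks` is still not checked before `return TRUE`, so a rejected store (such as the Redis `invalid expire time` error this commit addresses) leaves no trace in the module's own log and only shows up as a jwks_uri fetch on every login. If the call reports failure (its definition is not visible here), logging that would make a regression detectable, e.g. `if (oidc_cache_set_jwks(...) == FALSE) oidc_warn(r, "could not cache JWKs retrieved from the jwks_uri");`. It is also worth checking whether any other direct reads of `jwks_uri->refresh_interval` remain outside this hunk, since each would pass the unset sentinel into an expiry the same way. The function begins outside the hunk.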
