Comments (3)
Hi @tzuge - thanks for raising this
Failure to find the key from the jwks endpoint leads to a SigningKeyNotFoundError, and lru-memoizer does not appear to cache this 'no key' result,
This is expected behaviour, otherwise the cache could be filled up with spurious results.
from node-jwks-rsa.
@adamjmcgrath , could you clarify what you mean by spurious results?
The response coming back with 200 and a body that does not contain the kid
is a legitimate result and distinguishable from a response coming back a failure status code. Assuming the caching did account for this, subsequent requests for the kid
at the particular url would cache hit with the 'no key' result still subject to cache TTL. Requests that fail would continue to not be cached.
I acknowledge that this might be a pain to change since the error is used for both cases and the memoize lib is quite reasonably not memoizing that.
from node-jwks-rsa.
Hi @tzuge
could you clarify what you mean by spurious results?
Sure, if you cached non existent kids - someone could generate many access tokens with different kid's and quickly fill the cache.
The SDK is not optimised to accept access tokens from the wrong issuer, you'll need to find a way to select the correct issuer based on the request (like the workaround you described)
from node-jwks-rsa.
Related Issues (20)
- Types for JwksClient.getSigningKey still allows callbacks HOT 2
- cache doesn't work for the expressJwtSecret function HOT 3
- Types conflict between [email protected] and [email protected] HOT 2
- FIX BUG TYPES WITH TYPESCRIPT AND AUTH 0 HOT 1
- The JWKS endpoint did not contain any signing keys HOT 2
- cb is not a function HOT 2
- Add pre-fetch keys / tweaks to caching HOT 2
- strictSsl property not available jwksRsa.hapiJwt2KeyAsync HOT 2
- Please upgrade dependencies HOT 5
- I can't login to my wallet I tried everything else but it is hopeless 😔 I hope you can understand that I created Bitcoin with satoshi nakamoto in 2008
- error in secret or public key callback: The JWKS endpoint did not contain any signing keys HOT 3
- Consider outputting ESM HOT 2
- types referred in dependencies section of package json HOT 2
- Make jwks-rsa resilient in the face of inability to access the underlying JWKS HOT 1
- Provide a way to prevent `getKeysInterceptor` falling back to `jwksUri` when the result doesn't contain the `kid` HOT 2
- No support for Cloudflare Workers HOT 3
- Can't match types definition in @types/[email protected] HOT 2
- error TS2688: Cannot find type definition file for 'express-unless'.
- Bump jose to v5 HOT 3
- Add module-info.java
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-jwks-rsa.