Comments (6)
Vertx uses async IO, this library, as it stands, does not. Async IO allows for MUCH better scaling. To use this library with a vertx application, one must wrap all the calls to the jwtverifier in special blocking wrappers. This reduces the scalability of an application that uses the okta jwt verifier.
from okta-jwt-verifier-java.
Thanks @idontusenumbers! The goal of this lib is to allow integrations into any other lib/framework. I haven't used vertx, but if there something blocking this let us know!
Also, other feel free to comment on this issue even after it is closed, we will keep watching for interest!
from okta-jwt-verifier-java.
Hi @bdemers , indeed it'd be nice to have async verifier, currently when using it from vertx I have to wrap this in executeBlocking
which does not scale well. Async version would also integrate with Kotlin coroutines, which may be interesting for Android developers
from okta-jwt-verifier-java.
@kbobrowski while, not perfect, the only blocking IO call should be when a new public key is requested, which IIRC is once a quarter.
Can you tell me a bit more about your Android use case?
from okta-jwt-verifier-java.
@bdemers that's right, it will block for longer time very rarely when getting new public key. But if I wrap decode(token)
in executeBlocking
to account for this, then during each API call the server would have to reserve new thread from thread pool, verify it in this thread, and return result, instead of doing this on the main event loop - not sure about performance penalty here at the moment. I guess intermediate solution specifically for vertx would be a flavor of decode
which can also accept Handler<AsyncResult<Jwt>>
, and which internally would use separate thread only for blocking IO (or ideally using non-blocking web client). But not sure how large the audience is for such solution, I can work around this at the moment I think :)
Regarding Android - currently I use verifier only server-side, but I can imagine that async verifier could be useful there as well
from okta-jwt-verifier-java.
This is helpful, I wasn't thinking about the added overhead of the wrapping of the method call
from okta-jwt-verifier-java.
Related Issues (20)
- Feature Request : Method for introspect token. HOT 2
- Allow specifying a java.time.Clock to better write unit tests. HOT 3
- Publish new library version HOT 2
- NoClassDefFoundError after upgrade HOT 5
- com.okta.jwt.JwtVerificationException: Failed to parse token HOT 14
- Issuer verification failed (Okta + Ktor + SwaggerUI) HOT 1
- Access Token Verifier Builder fails to initialize HOT 7
- Failed to parse token HOT 3
- HTTP request to issuer URL exposes system information
- Provide a function in AccessTokenVerifier that loads JWKS signing keys HOT 2
- java.lang.IllegalArgumentException: A signing key must be specified if the specified JWT is digitally signed. HOT 3
- NoClassDefFoundError after upgrade HOT 5
- Please consider publishing the com.okta.jwt.it testing classes with the okta-jwt-verifier-integration-tests jar.
- Expose SSLFactory and TrustStore as configuration parameters for the HTTP client
- Unable to Create IdTokenVerifier or AccessTokenVerifier after Upgrading To 0.5.8 HOT 3
- Security vulnerability via transitive dependency`bcprov-jdk18on:1.75` HOT 2
- java.lang.NoSuchMethodError: 'io.jsonwebtoken.JwtParserBuilder io.jsonwebtoken.Jwts.parserBuilder()' HOT 6
- Convert integration tests to java HOT 3
- Feature Request: Stronger typing in Jwt Claims HOT 5
- Async API HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from okta-jwt-verifier-java.