jwks-rsa-java icon indicating copy to clipboard operation
jwks-rsa-java copied to clipboard

Published 20 hours ago verified publisher icon auth0

Replace guava with caffeine.

Open rimasu opened this issue 1 year ago • 2 comments

Caffeine is a focussed library that just provides caching. It has similar behaviour to guava's caching library.

This commit replaces guava's cache with caffeine and remove other minor uses of guava APIs.

Changes

Please describe both what is changing and why this is important. Include:

  • Endpoints added, deleted, deprecated, or changed N/A

  • Classes and methods added, deleted, deprecated, or changed

Replaced Guava cache with Caffeine based cached. This is a smaller and more focused library with fewer CVEs and good adoption.

Removed some trivial usages of guava in test code.

  • Screenshots of new or changed UI, if applicable N/A

  • A summary of usage if this is a new feature or change to a public API (this should also be added to relevant documentation once released) N/A

  • Any alternative designs or approaches considered N/A

References

Please include relevant links supporting this change such as a:

  • support ticket
  • community post
  • StackOverflow post
  • support forum thread

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

I have replaced the existing test with functionally equivalent tests.

  • [x] This change adds test coverage
  • [ ] This change has been tested on the latest version of Java or why not

This has been tested on Java 11 as this is compatible with project's java version (1.8).

Checklist

rimasu avatar Jun 13 '23 08:06 rimasu

API comparison is failing because GuavaCachedJwkProvider (that was removed) was public. The usage in this module makes it look like it was designed as an internal implementation, rather than a component to be used else where.

rimasu avatar Jun 13 '23 12:06 rimasu

Thanks for the PR @rimasu! We do want to look into Guava alternatives, including Caffeine. As you noted, unfortunately when the library was written it was tightly coupled to Guava, so I think changing it would be a breaking change. As this library is on 0.x, by semantic versioning a breaking change can be introduced, but we'll need to look through the various options and do some comparison before deciding.

jimmyjames avatar Jul 28 '23 01:07 jimmyjames