jwks-rsa-java

Ability to drop cache

Open inemtsev opened this issue 1 year ago • 2 comments

Checklist

  • [X] I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • [X] I have looked into the API documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Some JWK providers rotate their keys (AWS, for example). Their documentation says that if the issuer matches but the keyId is wrong, to get the latest JWK keys. This is not possible with the current caching of this library. https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html

Describe the ideal solution

Perhaps there should be an exposed function to drop the cache or try to pull latest before throwing an Exception?

Alternatives and current workarounds

No response

Additional context

No response

inemtsev avatar Sep 03 '23 14:09 inemtsev

Thanks @inemtsev, we'll look into perhaps exposing an ability to drop the cache, though need to think through how this would be leveraged (i.e., how to know when to drop the cache, versus just configuring the provider to not cache at all).

jimmyjames avatar Sep 11 '23 12:09 jimmyjames

> Thanks @inemtsev, we'll look into perhaps exposing an ability to drop the cache, though need to think through how this would be leveraged (i.e., how to know when to drop the cache, versus just configuring the provider to not cache at all).

For AWS at least, they ask to drop the cache if the keyId cannot be found among the ones cached before. (Since they provide multiple keyIds)

inemtsev avatar Sep 12 '23 14:09 inemtsev
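
One way to act on the rule discussed in this thread (refetch the key set when the kid is not among the cached keys), as an added example that is not from the thread or from jwks-rsa-java. The class name, the `fetcher` supplier and the five-minute interval are assumptions; the minimum interval keeps tokens carrying made-up kid values from forcing a JWKS download on every request.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Hypothetical helper, not part of jwks-rsa-java.
public class RefreshOnMissKeyCache<K> {
    private final Supplier<Map<String, K>> fetcher; // assumption: downloads the JWKS and returns keys by kid
    private final Duration minInterval;             // floor between two refetches
    private Map<String, K> keys = Map.of();
    private Instant lastFetch = Instant.EPOCH;

    public RefreshOnMissKeyCache(Supplier<Map<String, K>> fetcher, Duration minInterval) {
        this.fetcher = fetcher;
        this.minInterval = minInterval;
    }

    public synchronized Optional<K> get(String kid) {
        if (kid == null) return Optional.empty();   // token header carried no kid
        K key = keys.get(kid);
        // Unknown kid: refetch, but only if the last fetch is older than the floor.
        if (key == null && Duration.between(lastFetch, Instant.now()).compareTo(minInterval) >= 0) {
            keys = Map.copyOf(fetcher.get());       // replace the whole set so retired keys drop out
            lastFetch = Instant.now();
            key = keys.get(kid);
        }
        return Optional.ofNullable(key);            // empty means: reject the token
    }

    public static void main(String[] args) {
        AtomicInteger fetches = new AtomicInteger();
        // Constructed sample data: strings stand in for parsed public keys.
        Supplier<Map<String, String>> fetcher = () -> {
            fetches.incrementAndGet();
            return Map.of("kid-a", "public-key-a", "kid-b", "public-key-b");
        };
        RefreshOnMissKeyCache<String> cache =
                new RefreshOnMissKeyCache<>(fetcher, Duration.ofMinutes(5));
        System.out.println(cache.get("kid-a"));       // first lookup triggers the initial fetch
        System.out.println(cache.get("kid-unknown")); // miss inside the interval: no refetch
        System.out.println(cache.get("kid-b"));       // served from the cached set
        System.out.println("fetches = " + fetches.get());
    }
}
```

If the supplier throws, the previous key set and timestamp are left untouched, so the next unknown kid retries the fetch.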