keycloak icon indicating copy to clipboard operation
keycloak copied to clipboard
verified publisher icon kilork

Optimize service token fetching

Open kilork opened this issue 3 years ago • 1 comments

Currently token would be refetched for each request, which is far from optimal.

https://github.com/kilork/keycloak/blob/master/src/rest/mod.rs#L32

Introduced in #30 FYI: @criminosis

kilork avatar Apr 13 '22 22:04 kilork

Yeah, as shown in the comment it was something I did knowingly but it wouldn't be hard to improve. I didn't want to stall the prior PR with introducing what could possibly be a weighty / opinionated dependency to do JWT parsing / verification to read the fields out. If you have preferences / opinions there then it wouldn't be much more work to add.

I think it'd something along the lines of look at the access token and then:

  • See if current system clock is after the exp field in the access token, if true (or if call fails due to an invalid token) then:
  • See if there's a refresh token and if so use it to get a new access token, if fails (e.g. refresh token request allowance exhausted) then:
  • Use the given client_id & client_secret to obtain a new token

criminosis avatar Apr 13 '22 22:04 criminosis