social-core
Error handling and caching in response to .well-known/jwks.json in auth0 backend
Expected behaviour
The request to .well-known/jwks.json always returns the same static file (as long as Auth0 doesn't change the private keys on their side, which should be a very rare event). Additionally, the requests to this endpoint might fail. Those errors should be handled and an appropriate timeout should be added.
Actual behaviour
We are currently running into rate limiting / congestion issues on that endpoint, as every authenticated request tries to request that endpoint. Sometimes this request stays open for more than 60 seconds, leading to a request timeout in our server.
Any other comments?
We contacted Auth0 about the issue of congested requests, but from their side it is clear that these requests should be cached. See https://community.auth0.com/t/requests-to-well-known-jwks-json-randomly-timing-out/77200/3
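
One way to get the behaviour requested above, as an added example that is not social-core's code or part of the original report: a JWKS cache with a bounded fetch timeout, a TTL, a throttled refetch on an unknown `kid` (key rotation), and a stale copy served when the endpoint fails. The class name, the default TTL and throttle values, and the injectable `fetch` and `clock` parameters are assumptions made for illustration.

```python
import json
import time
import urllib.request


def http_fetch(url, timeout=5):
    """Default fetcher: bounded-time GET returning the parsed JWKS document."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


class JWKSCache:
    """Caches a JWKS document; refetches on expiry or on an unknown key id."""

    def __init__(self, url, fetch=http_fetch, ttl=3600, min_refresh=60,
                 clock=time.monotonic):
        self.url, self.fetch, self.ttl = url, fetch, ttl
        self.min_refresh, self.clock = min_refresh, clock
        self.keys = {}          # kid -> JWK dict
        self.fetched_at = None  # time of last successful fetch
        self.tried_at = None    # time of last attempt, successful or not

    def _refresh(self):
        now = self.clock()
        # Throttle: never hit the endpoint more than once per min_refresh seconds.
        if self.tried_at is not None and now - self.tried_at < self.min_refresh:
            return
        self.tried_at = now
        try:
            doc = self.fetch(self.url)
            self.keys = {k["kid"]: k for k in doc["keys"]}
            self.fetched_at = now
        except (OSError, ValueError, KeyError, TypeError):
            # Timeout, HTTP error or malformed body: keep serving the stale
            # copy if one exists; fail closed if nothing was ever cached.
            if not self.keys:
                raise

    def get_key(self, kid):
        expired = (self.fetched_at is None
                   or self.clock() - self.fetched_at >= self.ttl)
        if expired or kid not in self.keys:
            self._refresh()  # unknown kid may mean the provider rotated keys
        if kid not in self.keys:
            raise KeyError(f"no signing key with kid {kid!r}")
        return self.keys[kid]
```

A token whose `kid` is still unknown after the refetch is rejected with `KeyError`, so a flood of tokens with made-up key ids cannot turn each request into a call to the provider.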