  1. OpenAM
  2. OPENAM-16430

JWKs URI content cache timeout in ms & JWKs URI content cache miss cache time may need clearer descriptions.


      Description

      At https://backstage.forgerock.com/docs/am/6.5/oauth2-guide/index.html#configure-oauth2-oidc-client-signing.

      The current descriptions:

      JWKs URI content cache timeout in ms

      Specify the maximum amount of time, in milliseconds, that the content of the JWKS URI can be cached before being refreshed. This avoids fetching the JWKS URI content for every token encryption.

      Default: 3600000

      JWKs URI content cache miss cache time

      Specify the minimum amount of time, in milliseconds, that the content of the JWKS URI is cached. This avoids fetching the JWKS URI content for every token signature verification, for example if the key ID (kid) is not in the JWKS content already cached.

      Default: 60000

      In reality what these settings actually do:

      JWKs URI content cache timeout in ms
      The amount of time the JWK Set is cached for (no max, no min, just how long it's cached for).

      JWKs URI content cache miss cache time
      The amount of time AM will wait to refresh / get the JWK Set if the cached JWK Set doesn’t contain a key with a matching “kid” value.

      Compared to the description in the docs this can be a little confusing.
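
The two timers as the description above characterises them, written out as an added example: this is not AM's code and not part of the original issue. The class name, the `fetch` callable and the sample key sets are assumptions made for illustration; only the two default values come from the quoted documentation.

```python
import time


class JwksCache:
    """Models the two settings as the issue describes them (not AM's implementation)."""

    def __init__(self, fetch, cache_timeout_ms=3600000, miss_cache_time_ms=60000,
                 clock=lambda: time.monotonic() * 1000):
        self._fetch = fetch                    # hypothetical: returns {"keys": [...]}
        self._timeout_ms = cache_timeout_ms    # how long the JWK Set is cached for
        self._miss_ms = miss_cache_time_ms     # wait before refetching on a kid miss
        self._clock = clock
        self._keys = {}
        self._fetched_at = None
        self.fetch_count = 0

    def _refresh(self):
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._fetched_at = self._clock()
        self.fetch_count += 1

    def get_key(self, kid):
        age = None if self._fetched_at is None else self._clock() - self._fetched_at
        if age is None or age >= self._timeout_ms:
            self._refresh()                    # cached set expired: reload it
        elif kid not in self._keys and age >= self._miss_ms:
            self._refresh()                    # unknown kid and the miss window has passed
        return self._keys.get(kid)             # None: unknown kid, no refetch allowed yet


def demo():
    """Client rotates its signing key from k1 to k2 (constructed sample data)."""
    served = {"keys": [{"kid": "k1", "kty": "RSA"}]}
    now = [0]
    cache = JwksCache(lambda: served, clock=lambda: now[0])
    trace = []
    for t, kid, rotate in [(0, "k1", False), (30000, "k2", True),
                           (61000, "k2", False), (3661000, "k2", False)]:
        if rotate:
            served["keys"] = [{"kid": "k2", "kty": "RSA"}]
        now[0] = t
        found = cache.get_key(kid) is not None
        trace.append((t, kid, found, cache.fetch_count))
    return trace


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In this model a token signed with the rotated key fails verification at 30 s because the miss window suppresses the refetch, and succeeds at 61 s once it has elapsed; the same window caps how often requests carrying unknown `kid` values can make the server hit the JWKS URI.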

            People

            cristina.herraz Cristina Herraz [X] (Inactive)
            darrel.nikolovski Darrel Nikolovski