Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ESD-32688: Improve locking and blocking associated with key retrieval #225

Merged
merged 2 commits into from
Dec 1, 2023

Conversation

ewanharris
Copy link
Contributor

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

🔧 Changes

This PR consists of 2 commits.

The first improves the locking of the KeyFunc by moving to a RWMutex, calling RLock in KeyFunc to allow multiple readers when retrieving the cached value and only calling the Lock method when we need to refresh the JWKS.

The second moves to refreshing the JWKS in the background when the CacheTTL is hit rather than blocking until the JWKS has been refreshed. Previously, whenever the cached JWKS expired there would be a block until the request has completed
and the cache has been updated. Now, when the JWKS cache expires the refresh is triggered in the background and the cached JWKS will continue to be returned until the background refresh has been completed. If that background refresh succeeds then the cache will be updated, if it errors then the cached JWKS will be deleted and on the next call of KeyFunc the JWKS refresh will be attempted again, which (if the error persists) would raise the error.

This now means that the only time KeyFunc will block is in the instance where there is no JWKS for
an issuer, when a cached JWKS expires we will no longer block

📚 References

#194

🔬 Testing

Have tested this with the sample app/in repo example and is covered by tests

…lock for refresh

Previously, whenever the cached JWKS expired there would be a block until the request has completed
and the cache has been updated. Now, when the JWKS cache expires the refresh is triggered in the
background and the cached JWKS will continue to be returned until the background refresh has been
completed. If that background refresh succeeds then the cache will be updated, if it errors then
the cached JWKS will be deleted and on the next call of KeyFunc the JWKS refresh will be attempted
again, which (if the error persists) would raise the error.

This now means that the only time KeyFunc will block is in the instance where there is no JWKS for
an issuer, when a cached JWKS expires we will no longer block
@ewanharris ewanharris requested a review from a team as a code owner November 28, 2023 16:45
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (8e479d9) 94.78% compared to head (5e1ddb0) 95.98%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #225      +/-   ##
==========================================
+ Coverage   94.78%   95.98%   +1.19%     
==========================================
  Files           7        7              
  Lines         307      324      +17     
==========================================
+ Hits          291      311      +20     
+ Misses         12       10       -2     
+ Partials        4        3       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ewanharris ewanharris merged commit 3cff0b1 into master Dec 1, 2023
7 checks passed
@ewanharris ewanharris deleted the feat/improve-locking branch December 1, 2023 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants