rodrigobr-msft
Contributor

This pull request refactors the way JWKS (JSON Web Key Set) clients are managed in the JwtTokenValidator class to improve efficiency and error handling. Instead of creating a new JWKS client for every token validation, the code now initializes and caches clients for each issuer, reducing unnecessary network requests and improving performance.

Key improvements to JWKS client management:

  • Added instance variables _default_jwks_client and _tenant_jwks_client to cache JWKS clients for the default and tenant-specific issuers, respectively.
  • Introduced the _init_jwks_client method to initialize the appropriate JWKS client only once per issuer, with key caching enabled.
  • Added the _get_client method to safely retrieve the correct JWKS client for a given issuer, raising an error if the client is not initialized.
  • Refactored _get_public_key_or_secret to use the cached clients and improved error handling for missing issuer claims.
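The caching pattern described above, as an added example that is not code from this pull request or the project. It generalizes the two cached clients to a dictionary keyed by issuer, and it assumes the JWKS URI comes from configuration rather than from the token; `KeyResolver`, `JwksClient`, `fake_fetch`, `make_token` and the issuer URLs are hypothetical names and constructed data.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment to a dict (unverified, used only for key lookup)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

class JwksClient:  # hypothetical stand-in for a JWKS client with key caching enabled
    def __init__(self, uri, fetch):
        self.uri, self._fetch, self._keys = uri, fetch, {}
    def get_signing_key(self, kid):
        if kid not in self._keys:  # cache miss (first use or key rotation): one fetch
            self._keys = {k["kid"]: k for k in self._fetch(self.uri)["keys"]}
        if kid not in self._keys:
            raise KeyError(f"kid {kid!r} not published at {self.uri}")
        return self._keys[kid]

class KeyResolver:
    """Keeps one cached JwksClient per trusted issuer, created on first use."""
    def __init__(self, trusted_issuers, fetch):
        self._uris = dict(trusted_issuers)  # issuer -> JWKS URI, fixed by configuration
        self._fetch, self._clients = fetch, {}

    def _init_client(self, issuer):
        if issuer not in self._uris:  # never build a JWKS URL from an untrusted claim
            raise ValueError(f"untrusted issuer: {issuer!r}")
        if issuer not in self._clients:
            self._clients[issuer] = JwksClient(self._uris[issuer], self._fetch)

    def _get_client(self, issuer):
        if issuer not in self._clients:
            raise RuntimeError(f"JWKS client not initialized for {issuer!r}")
        return self._clients[issuer]

    def resolve(self, token):
        """Return the published key for the token; signature checking is out of scope."""
        header_b64, payload_b64, _sig = token.split(".")
        issuer = _b64url_json(payload_b64).get("iss")
        if not issuer:
            raise ValueError("token has no 'iss' claim")
        self._init_client(issuer)
        return self._get_client(issuer).get_signing_key(_b64url_json(header_b64)["kid"])

# Constructed sample data: fake JWKS fetcher that records calls, unsigned token builder.
FETCHES = []
def fake_fetch(uri):
    FETCHES.append(uri)
    return {"keys": [{"kid": "k1", "kty": "RSA"}]}
def make_token(header, claims):
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.sig"
```

Resolving two tokens from the same issuer calls the fetcher once, and a token with a missing or unlisted `iss` is rejected before any network request is made.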
