Merge pull request #19 from appirio-tech/dev

Fixing RS256/Machine-Token verification signing key caching issue.
appirio-tech · Jun 13, 2019 · f453529 · f453529
2 parents 51e7230 + 4e7f80c
commit f453529
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/lib/auth/verifier.js b/lib/auth/verifier.js
@@ -1,8 +1,10 @@
 'use strict'
-var jwt = require('jsonwebtoken'),
+const jwt = require('jsonwebtoken'),
   jwksRSA = require('jwks-rsa'),
   ms = require('millisecond')
 
+const jwksClients = {} // in global scope
+
 module.exports = function(validIssuers, jwtKeyCacheTime) {
 
   return {
@@ -15,9 +17,6 @@ module.exports = function(validIssuers, jwtKeyCacheTime) {
      * @param  callback  callback to pass responses
      */
     validateToken: (token, secret, callback) => {
-
-      let jwksClients = {}
-
       // Decode it first
       let decodedToken = jwt.decode(token, {complete: true})
 
@@ -35,7 +34,7 @@ module.exports = function(validIssuers, jwtKeyCacheTime) {
                 jwksClients[decodedToken.payload.iss] = jwksRSA({
                   cache: true,
                   cacheMaxEntries: 5, // Default value
-                  cacheMaxAge: ms(jwtKeyCacheTime), // Default value
+                  cacheMaxAge: ms(jwtKeyCacheTime), // undefined/0 means infinte
                   jwksUri: decodedToken.payload.iss + '.well-known/jwks.json'
                 })
               }