You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks @inemtsev, we'll look into perhaps exposing an ability to drop the cache, though need to think through how this would be leveraged (i.e., how to know when to drop the cache, versus just configuring the provider to not cache at all).
Thanks @inemtsev, we'll look into perhaps exposing an ability to drop the cache, though need to think through how this would be leveraged (i.e., how to know when to drop the cache, versus just configuring the provider to not cache at all).
For AWS at least, they ask to drop the cache if the keyId cannot be found among the ones cached before. (Since they provide multiple keyIds)
Checklist
Describe the problem you'd like to have solved
Some jwk providers rotate their keys (AWS for example), their documentation says that if issuer matches but keyId is wrong, to get latest JWK keys. This is not possible with the current caching of this library.
https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html
Describe the ideal solution
Perhaps there should be an exposed function to drop the cache or try to pull latest before throwing an Exception?
Alternatives and current workarounds
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: