Adding a cache layer for OAuth2 token validation in REST API #7342

Merged
merged 3 commits into from
Oct 7, 2019

Contributor

@malinthaprasan malinthaprasan commented Oct 7, 2019

Adding a cache layer in the Product REST APIs' OAuth2 token validation. It consists of two caches:

  1. TokenCache: Valid token information is stored against the access token.
  2. InvalidTokenCache: Invalid tokens are stored.

The summary of the flow:

The token is checked in TokenCache, and if it exists, the validation info is taken from there, the expiry is checked, and the flow continues.
If not, the token is checked in InvalidTokenCache for invalid tokens.
If the token doesn't exist in either, the normal key validation DB call is made (this doesn't include a n/w call).

Scope validation is not cached here. It is a comparatively low-cost operation because the retrieval of URITemplates/scope information is already cached. For the rest of the stuff, it will have a for loop for iterating and validating scopes, which is not a costly operation.

By default, the cache expiry is set to 300s (5 mins). To change this, set the below in deployment.toml.

```toml
[apim.cache.restapi_token]
enable = true
expiry_time = "300s"
```

It will add the below configs in api-manager.xml under CacheConfigurations upon server start.

        <!-- Enable/Disable token caching at the Product REST APIs-->
        <EnableRESTAPITokenCache>true</EnableRESTAPITokenCache>
        <!-- Expiry time for the apim REST API token cache -->
        <RESTAPITokenCacheExpiry>300</RESTAPITokenCacheExpiry>
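
The lookup order described in this pull request, as an added Java sketch (Java 16+) that is not the code merged here. The class, record and field names, the injected clock, the `null`-means-invalid convention for the DB call, and the choice to move an expired cached token into the invalid cache are all assumptions of the sketch.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.function.LongSupplier;
// Added sketch; all names are hypothetical and not taken from carbon-apimgt.
public class RestApiTokenCacheSketch {
    record TokenInfo(String user, long expiresAtMs) {}       // expiresAtMs: the token's own expiry
    private record Entry(TokenInfo info, long cachedAtMs) {}
    private final Map<String, Entry> tokenCache = new ConcurrentHashMap<>();
    private final Map<String, Long> invalidTokenCache = new ConcurrentHashMap<>();
    private final long ttlMs;                                 // cache expiry, e.g. 300s
    private final Function<String, TokenInfo> dbValidation;   // stand-in for the DB call; null = invalid
    private final LongSupplier clock;                         // injected so the demo can move time
    RestApiTokenCacheSketch(long ttlMs, Function<String, TokenInfo> dbValidation, LongSupplier clock) {
        this.ttlMs = ttlMs; this.dbValidation = dbValidation; this.clock = clock;
    }
    /** Returns validation info for a usable token, or null when it must be rejected. */
    TokenInfo validate(String token) {
        long now = clock.getAsLong();
        Entry hit = tokenCache.get(token);
        if (hit != null && now - hit.cachedAtMs() < ttlMs) {
            // A cache hit alone is not enough: the token may have expired since it was cached.
            if (hit.info().expiresAtMs() > now) return hit.info();
            return reject(token, now);
        }
        Long rejectedAt = invalidTokenCache.get(token);
        if (rejectedAt != null && now - rejectedAt < ttlMs) return null;
        TokenInfo info = dbValidation.apply(token);           // miss in both caches
        if (info == null || info.expiresAtMs() <= now) return reject(token, now);
        invalidTokenCache.remove(token);
        tokenCache.put(token, new Entry(info, now));
        return info;
    }
    private TokenInfo reject(String token, long now) {
        tokenCache.remove(token);
        invalidTokenCache.put(token, now);  // unbounded in this sketch; a real cache needs a size limit
        return null;
    }
    public static void main(String[] args) {
        long[] now = {0}; int[] dbCalls = {0};                // constructed clock and DB-call counter
        var cache = new RestApiTokenCacheSketch(300_000, t -> { dbCalls[0]++;
            return t.equals("good") ? new TokenInfo("alice", 120_000) : null; }, () -> now[0]);
        cache.validate("good"); cache.validate("good");       // one DB call, then a TokenCache hit
        cache.validate("bad"); cache.validate("bad");         // one DB call, then an InvalidTokenCache hit
        now[0] = 130_000;                                     // token expired at 120s; its entry is still cached
        System.out.println(cache.validate("good") + " after " + dbCalls[0] + " DB calls");
    }
}
```

In this sketch a token revoked in the database keeps validating from the valid-token cache until its entry ages out, so the configured expiry time is also the upper bound on revocation delay.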

@malinthaprasan malinthaprasan requested review from nalakas and ruks October 7, 2019 06:51
@malinthaprasan malinthaprasan merged commit eeb40c5 into wso2:master Oct 7, 2019
@malinthaprasan malinthaprasan deleted the master.oauth2.cache branch March 10, 2021 03:38
shilmyhasan pushed a commit to shilmyhasan/carbon-apimgt that referenced this pull request Aug 2, 2023
wso2-jenkins-bot added a commit that referenced this pull request Nov 5, 2024