jwt_authn: adjust remote_jwks.async_fetch refetch timer (#24035)
This is just an improvement to the async_fetch feature of remote jwks.

* For a successful fetch, adjust its re_fetch time to be the jwks_cache_duration - 5s. This is to avoid triggering on-demand fetching. During authentication, if jwks is not fetched, or is expired, it will trigger an on-demand fetching. If async_fetch can refetch the jwks a little bit earlier, it will avoid the on-demand fetch.
* For a failed fetch, trigger a re_fetch after 1 second. Getting jwks is important. We should keep retrying. This retrying is after [remote_jwks.retry_policy](https://github.com/envoyproxy/envoy/blob/main/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto#L366).

Risk Level: Low, added more frequent refetch for a failed remote jwks uri.
Testing: unit-tested
Docs Changes: None
Release Notes: Yes

Signed-off-by: Wayne Zhang <qiwzhang@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 4e40d6ad5f98cd3c86f1398bb8990b1d88bdfe92

pull/626/head
parent cefb3cfe66
commit 538afbe766
1 changed files with 4 additions and 1 deletions