Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth: Respect cache control for JWKS in auth.jwt #68872

Merged
merged 4 commits into from
May 23, 2023
Merged

Auth: Respect cache control for JWKS in auth.jwt #68872

merged 4 commits into from
May 23, 2023

Conversation

Jguer
Copy link
Contributor

@Jguer Jguer commented May 23, 2023

What is this feature?

  • Respect cache control for JWKS in auth.jwt if it's lower than configured duration
  • Document behavior

Which issue(s) does this PR fix?:

Fixes #63465

Special notes for your reviewer:

Please check that:

  • It works as expected from a user's perspective.
  • If this is a pre-GA feature, it is behind a feature toggle.
  • The docs are updated, and if this is a notable improvement, it's added to our What's New doc.

@Jguer Jguer added add to changelog no-backport Skip backport of PR labels May 23, 2023
@Jguer Jguer self-assigned this May 23, 2023
@Jguer Jguer requested review from a team and chri2547 as code owners May 23, 2023 09:00
@Jguer Jguer requested review from eleijonmarck and kalleep and removed request for a team May 23, 2023 09:00
@Jguer Jguer added this to the 10.1.x milestone May 23, 2023
@grafanabot grafanabot added area/backend type/docs Flags the technical writing team for documentation support; auto adds to org-wide docs project labels May 23, 2023
@Jguer Jguer requested a review from mgyongyosi May 23, 2023 09:01
IevaVasiljeva
IevaVasiljeva approved these changes May 23, 2023
View reviewed changes
Copy link
Contributor

@IevaVasiljeva IevaVasiljeva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/services/auth/jwt/key_sets.go
client: &http.Client{},
url: urlStr,
log: s.log,
client: &http.Client{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: just curious about why you had to specify these? Which of the default values had to be changed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not need to specify, but it's best practice to configure timeouts and the transport (ProxyFromEnv). I got the defaults from some of our other services, actually missing an exported "NewHTTPClient(timeout duration) *http.Client" somewhere

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it's mostly to be explicit about the timeouts etc? That makes sense, thanks for the explanation!

@Jguer Jguer enabled auto-merge (squash) May 23, 2023 09:57
@Jguer Jguer merged commit 5e5c751 into main May 23, 2023
@Jguer Jguer deleted the jguer/respect-cache-control-jwt branch May 23, 2023 10:29
@ricky-undeadcoders ricky-undeadcoders modified the milestones: 10.1.x, 10.1.0 Aug 1, 2023
@chenrui333 chenrui333 mentioned this pull request Aug 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IevaVasiljeva IevaVasiljeva IevaVasiljeva approved these changes

@chri2547 chri2547 Awaiting requested review from chri2547

@eleijonmarck eleijonmarck Awaiting requested review from eleijonmarck eleijonmarck was automatically assigned from grafana/grafana-authnz-team

@kalleep kalleep Awaiting requested review from kalleep kalleep was automatically assigned from grafana/grafana-authnz-team

@mgyongyosi mgyongyosi Awaiting requested review from mgyongyosi

Assignees

@Jguer Jguer

Labels
add to changelog area/backend no-backport Skip backport of PR type/docs Flags the technical writing team for documentation support; auto adds to org-wide docs project
Projects
None yet
Milestone
10.1.0
Development

Successfully merging this pull request may close these issues.

JWT auth jwk_set_url doesn't respect cache-control header
4 participants
@Jguer @IevaVasiljeva @ricky-undeadcoders @grafanabot