Problem description
I set up caching for the discovery endpoint below by wrapping it and caching it via Azure API Management.
https://openid-connect-eu.onelogin.com/oidc/.well-known/openid-configuration
So the new link below does the caching:
https://my.azure-api.net/sso/.known/openid-configuration?subscription-key=mykey
Below is the policy for token validation:
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error: expired token or invalid token" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
    <openid-config url="https://my.azure-api.net/sso/.well-known/openid-configuration?subscription-key=mykey" />
    <audiences>
        <audience>id</audience>
    </audiences>
    <issuers>
        <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
    </issuers>
</validate-jwt>
My question is: do I need to cache the JWKS link below, which is in the discovery document above and is used for the validation? If so, how can I cache it?
https://openid-connect-eu.onelogin.com/oidc/certs
Recommended answer
The URL in the HTML body returned is modified and replaced with a new URL that is cached via APIM.
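One way to express the rewrite described in the answer as APIM policies, for the two wrapper operations involved. This is an added example, not part of the original question or answer; the `/sso/certs` operation path, the cache durations and the reuse of `mykey` are assumptions, and both operations are assumed to already have the OneLogin endpoint as their backend.

```xml
<!-- Operation 1 (assumed path): GET /sso/.well-known/openid-configuration -->
<policies>
    <inbound>
        <base />
        <!-- Serve the discovery document from the APIM cache when present -->
        <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" downstream-caching-type="none" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Point jwks_uri at the APIM-hosted JWKS operation.
             Only the /certs URL is rewritten: the "issuer" value must stay
             https://openid-connect-eu.onelogin.com/oidc so it still matches
             the <issuers> list in validate-jwt. -->
        <find-and-replace from="https://openid-connect-eu.onelogin.com/oidc/certs" to="https://my.azure-api.net/sso/certs?subscription-key=mykey" />
        <!-- Store after the rewrite so the cached copy already carries the new URL.
             3600 seconds is an assumed value. -->
        <cache-store duration="3600" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

<!-- Operation 2 (assumed path): GET /sso/certs, backed by
     https://openid-connect-eu.onelogin.com/oidc/certs -->
<policies>
    <inbound>
        <base />
        <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" downstream-caching-type="none" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Assumed value; a shorter duration picks up rotated signing keys sooner -->
        <cache-store duration="900" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

A cached JWKS that outlives a signing-key rotation makes `validate-jwt` reject tokens signed with the new key until the entry expires, so the JWKS cache duration bounds how long that window can last.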