Class: Authn::IamService::JwksClient

Inherits:

Object

• Object
• Authn::IamService::JwksClient

Includes:

Gitlab::Utils::StrongMemoize

Defined in:

lib/authn/iam_service/jwks_client.rb

Constant Summary

JwksFetchFailedError =

Class.new(StandardError)

ConfigurationError =

Class.new(StandardError)

JWKS_PATH =

'/.well-known/jwks.json'

DEFAULT_CACHE_TTL =

1.hour

Instance Method Summary

• #clear_cache ⇒ Object
• #fetch_keys ⇒ Object
• #refresh_keys ⇒ Object

  This is used during JWT verification retry when signature verification fails, which typically indicates the IAM service has rotated its signing keys.

Instance Method Details

#clear_cache ⇒ Object

# File 'lib/authn/iam_service/jwks_client.rb', line 25

def clear_cache
  Rails.cache.delete(cache_key)
end

#fetch_keys ⇒ Object

# File 'lib/authn/iam_service/jwks_client.rb', line 14

def fetch_keys
  Rails.cache.fetch(cache_key) { fetch_and_cache_keys }
end

#refresh_keys ⇒ Object

This is used during JWT verification retry when signature verification fails, which typically indicates the IAM service has rotated its signing keys.

# File 'lib/authn/iam_service/jwks_client.rb', line 20

def refresh_keys
  clear_cache
  fetch_keys
end