metadata: fix caching of JWKs from jwks_uri

zandbelt · zandbelt · commit c8c86aacb7ef · 2024-12-05T12:33:06.000+01:00
when using the default expiry setting (i.e. not using
OIDCJWKSRefreshInterval) and avoid fetching JWKs from the jwks_uri for
each user login; also addresses Redis cache error entries the log [ERR
invalid expire time in 'setex' command]

Signed-off-by: Hans Zandbelt &lt;hans.zandbelt@openidc.com&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+12/05/2024
+- metadata: fix caching of JWKs from jwks_uri when using the default expiry setting (i.e. not using OIDCJWKSRefreshInterval)
+  and avoid fetching JWKs from the jwks_uri for each user login; also addresses Redis cache
+  error entries the log [ERR invalid expire time in 'setex' command]
+
 11/21/2024
 - add option to set local address for outgoing HTTP requests; see #1283; thanks @studersi
   using e.g. SetEnvIfExpr true OIDC_CURL_INTERFACE=192.168.10.2
diff --git a/src/cfg/provider.c b/src/cfg/provider.c
@@ -478,6 +478,11 @@ const char *oidc_cmd_provider_jwks_uri_refresh_interval_set(cmd_parms *cmd, void
 	return OIDC_CONFIG_DIR_RV(cmd, rv);
 }
 
+int oidc_cfg_jwks_uri_refresh_interval_get(const oidc_jwks_uri_t *jwks_uri) {
+	return jwks_uri->refresh_interval != OIDC_CONFIG_POS_INT_UNSET ? jwks_uri->refresh_interval
+								       : OIDC_DEFAULT_JWKS_REFRESH_INTERVAL;
+}
+
 int oidc_cfg_provider_jwks_uri_refresh_interval_get(oidc_provider_t *provider) {
 	return provider->jwks_uri.refresh_interval != OIDC_CONFIG_POS_INT_UNSET ? provider->jwks_uri.refresh_interval
 										: OIDC_DEFAULT_JWKS_REFRESH_INTERVAL;
diff --git a/src/cfg/provider.h b/src/cfg/provider.h
@@ -227,6 +227,7 @@ OIDC_CFG_PROVIDER_MEMBER_FUNCS_KEYS_DECL(client_keys)
 
 // ints
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(jwks_uri_refresh_interval)
+int oidc_cfg_jwks_uri_refresh_interval_get(const oidc_jwks_uri_t *jwks_uri);
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(backchannel_logout_supported)
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(ssl_validate_server)
 OIDC_CFG_PROVIDER_MEMBER_FUNCS_INT_DECL(validate_issuer)
diff --git a/src/metadata.c b/src/metadata.c
@@ -684,7 +684,7 @@ static apr_byte_t oidc_metadata_jwks_retrieve_and_cache(request_rec *r, oidc_cfg
 
 	/* store the JWKs in the cache */
 	oidc_cache_set_jwks(r, oidc_metadata_jwks_cache_key(jwks_uri), response,
-			    apr_time_now() + apr_time_from_sec(jwks_uri->refresh_interval));
+			    apr_time_now() + apr_time_from_sec(oidc_cfg_jwks_uri_refresh_interval_get(jwks_uri)));
 
 	return TRUE;
 }

Original file line number	Diff line number	Diff line change
`@@ -684,7 +684,7 @@ static apr_byte_t oidc_metadata_jwks_retrieve_and_cache(request_rec *r, oidc_cfg`
`684`	`684`
`685`	`685`	`/* store the JWKs in the cache */`
`686`	`686`	`oidc_cache_set_jwks(r, oidc_metadata_jwks_cache_key(jwks_uri), response,`
`687`		`- apr_time_now() + apr_time_from_sec(jwks_uri->refresh_interval));`
	`687`	`+ apr_time_now() + apr_time_from_sec(oidc_cfg_jwks_uri_refresh_interval_get(jwks_uri)));`
`688`	`688`
`689`	`689`	`return TRUE;`
`690`	`690`	`}`