Fix/cte fixes (#436)

* Updated rate limits

* Updated code samples + other fixes

Author: lrzhou25

main/docs/authenticate/cte-attack-protection.mdx

@@ -370,7 +370,7 @@ Consider the following recommendations:
 * Use RSA with a minimum length of 2048 bits.
 
 ```javascript lines expandable
-const { jwtVerify } = require("jose");
+const { jwtVerify, importJWK } = require("jose");
 
 const jwksUri = "https://example.com/.well-known/jwks.json";
 const fetchTimeout = 5000; // 5 seconds
@@ -434,14 +434,20 @@ exports.onExecuteCustomTokenExchange = async (event, api) => {
    */
   async function getPublicKey(kid) {
     const cachedKey = api.cache.get(kid);
+    let keyData;
+
     if (!cachedKey) {
       console.log(`Key ${kid} not found in cache`);
-      const key = await fetchKeyFromJWKS(kid);
-      api.cache.set(kid, JSON.stringify(key), { ttl: 600000 });
-      return key;
+      keyData = await fetchKeyFromJWKS(kid);
+      // Cache the stringified version
+      api.cache.set(kid, JSON.stringify(keyData), { ttl: 600000 });
     } else {
-      return JSON.parse(cachedKey.value);
+      // Parse the raw JWK object from cache
+      keyData = JSON.parse(cachedKey.value);
     }
+
+    //Convert the raw JWK object to a KeyLike object
+    return await importJWK(keyData, keyData.alg);
   }
 
   /**

main/docs/authenticate/cte-examples-and-use-cases.mdx

@@ -143,21 +143,21 @@ See below for the rate limits in the Enterprise subscription type.
 <td><a href="/docs/authenticate/custom-token-exchange">Custom Token Exchange</a></td>
 <td><code>POST</code></td>
 <td>15</td>
-<td>15/minute</td>
+<td>15/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Write Token Exchange Profiles</a></td>
 <td><code>POST</code>, <code>PATCH</code>, <code>DELETE</code></td>
 <td>5</td>
-<td>100/minute</td>
+<td>100/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Read Token Exchange Profiles</a></td>
 <td><code>GET</code></td>
 <td>20</td>
-<td>200/minute</td>
+<td>200/second</td>
 <td>Any request</td>
 </tr>
 </tbody>

main/docs/authenticate/cte-multi-factor-authentication.mdx

@@ -121,21 +121,21 @@ See below for the rate limit policies for the Self service subscription type.
 <td><a href="/docs/authenticate/custom-token-exchange">Custom Token Exchange</a></td>
 <td><code>POST</code></td>
 <td>4</td>
-<td>4/minute</td>
+<td>4/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Write Token Exchange Profiles</a></td>
 <td><code>POST</code>, <code>PATCH</code>, <code>DELETE</code></td>
 <td>5</td>
-<td>25/minute</td>
+<td>25/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Read Token Exchange Profiles</a></td>
 <td><code>GET</code></td>
 <td>5</td>
-<td>50/minute</td>
+<td>50/second</td>
 <td>Any request</td>
 </tr>
 </tbody>

main/docs/authenticate/custom-token-exchange/cte-example-use-cases.mdx

@@ -123,21 +123,21 @@ Therefore, we recommend deploying one tenant per private cloud environment for r
 <td><a href="/docs/authenticate/custom-token-exchange">Custom Token Exchange</a></td>
 <td><code>POST</code></td>
 <td>15</td>
-<td>15/minute</td>
+<td>15/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Write Token Exchange Profiles</a></td>
 <td><code>POST</code>, <code>PATCH</code>, <code>DELETE</code></td>
 <td>5</td>
-<td>100/minute</td>
+<td>100/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Read Token Exchange Profiles</a></td>
 <td><code>GET</code></td>
 <td>20</td>
-<td>200/minute</td>
+<td>200/second</td>
 <td>Any request</td>
 </tr>
 </tbody>

main/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/enterprise-public.mdx

@@ -124,21 +124,21 @@ Therefore, we recommend deploying one tenant per private cloud environment for r
 <td><a href="/docs/authenticate/custom-token-exchange">Custom Token Exchange</a></td>
 <td><code>POST</code></td>
 <td>1500</td>
-<td>1500/minute</td>
+<td>1500/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Write Token Exchange Profiles</a></td>
 <td><code>POST</code>, <code>PATCH</code>, <code>DELETE</code></td>
 <td>15</td>
-<td>300/minute</td>
+<td>300/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Read Token Exchange Profiles</a></td>
 <td><code>GET</code></td>
 <td>2000</td>
-<td>20000/minute</td>
+<td>20000/second</td>
 <td>Any request</td>
 </tr>
 </tbody>

main/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/self-service-public.mdx

@@ -122,21 +122,21 @@ Therefore, we recommend deploying one tenant per private cloud environment for r
 <td><a href="/docs/authenticate/custom-token-exchange">Custom Token Exchange</a></td>
 <td><code>POST</code></td>
 <td>225</td>
-<td>225/minute</td>
+<td>225/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Write Token Exchange Profiles</a></td>
 <td><code>POST</code>, <code>PATCH</code>, <code>DELETE</code></td>
 <td>15</td>
-<td>300/minute</td>
+<td>300/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Read Token Exchange Profiles</a></td>
 <td><code>GET</code></td>
 <td>300</td>
-<td>3000/minute</td>
+<td>3000/second</td>
 <td>Any request</td>
 </tr>
 </tbody>

main/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/tier-100-rps-private-cloud.mdx

@@ -130,21 +130,21 @@ Therefore, we recommend deploying one tenant per private cloud environment for r
 <td><a href="/docs/authenticate/custom-token-exchange">Custom Token Exchange</a></td>
 <td><code>POST</code></td>
 <td>450</td>
-<td>450/minute</td>
+<td>450/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Write Token Exchange Profiles</a></td>
 <td><code>POST</code>, <code>PATCH</code>, <code>DELETE</code></td>
 <td>15</td>
-<td>300/minute</td>
+<td>300/second</td>
 <td>Any request</td>
 </tr>
 <tr>
 <td><a href="/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile">Read Token Exchange Profiles</a></td>
 <td><code>GET</code></td>
 <td>600</td>
-<td>6000/minute</td>
+<td>6000/second</td>
 <td>Any request</td>
 </tr>
 </tbody>