Cache loading of JWK object from OIDC private key

[cakemanny]

Fixes #1263

Description of the Change

This adds caching so that the OIDC private key is only loaded once.

Testing via the repro instructions in the referenced issue, on my machine the request time for the code-for-token exchange reduces from 1.5s to 150ms from the second request onwards (the first request take 820ms due to needing to load from the PEM the first time).

I'm not super happy with adding a utils module but I was unable to determine a good place to put the cached function.

The implementation uses functools.lru_cache - which seems like a good option with the limitation of being restricted to what is available in python 3.7.

Checklist

• PR only contains one change (considered splitting up PR)
• unit-test added
• documentation updated
• CHANGELOG.md updated (only for user relevant changes)
• author name in AUTHORS

Since there is no functional change, I feel the existing unit tests already cover the changes sufficiently but I'm happy to hear suggestions. now tested

[dopry]

@cakemanny thanks for contributing this PR. This is a valuable performance feature. Please add a test that confirms that jwk_from_pem is caching. It'll save us from a mistake where someone accidentally removes the @functools.lru_cache() decorator.

[codecov]

Codecov Report

Merging #1273 (c31bd1e) into master (13a6143) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #1273   +/-   ##
=======================================
  Coverage   97.29%   97.30%           
=======================================
  Files          31       32    +1     
  Lines        1996     2003    +7     
=======================================
+ Hits         1942     1949    +7     
  Misses         54       54           

Impacted Files	Coverage Δ
oauth2_provider/models.py	98.55% <100.00%> (+<0.01%)	⬆️
oauth2_provider/utils.py	100.00% <100.00%> (ø)
oauth2_provider/views/oidc.py	100.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[cakemanny]

Good suggestion. Added in 5dc58b5
I thought about whether to base the test on accessing the private key setting, i.e. below, but after looking at it, I decided that it seemed strange that the test depend on the settings module despite the implementation in utils being agnostic of the project so far.

@pytest.mark.oauth2_settings(presets.OIDC_SETTINGS_RW)
def test_jwk_from_pem_caches_jwk(oauth2_settings):

    # For the same private key we expect the same object to be returned

    jwk1 = utils.jwk_from_pem(oauth2_settings.OIDC_RSA_PRIVATE_KEY)
    jwk2 = utils.jwk_from_pem(oauth2_settings.OIDC_RSA_PRIVATE_KEY)

    assert jwk1 is jwk2

    # But for a different key, a different object
    jwk3 = utils.jwk_from_pem(oauth2_settings.OIDC_RSA_PRIVATE_KEYS_INACTIVE[0])

    assert jwk3 is not jwk1

So I decided to change it to use its own little keys

[cakemanny]

Hi @dopry, did you have any further feedback following the adding of the tests?

[cakemanny]

I can imagine that dopry is on holiday or otherwise busy for a while, @tonial and @n2ygk , I saw both of you commented on the issue that this is addressing, would it be ok to ask one of you two for a review in his stead?

[tonial]

Hi @cakemanny .
It've read your PR and I think it's great, but I'm not part of DOT team (https://jazzband.co/projects/django-oauth-toolkit)

[n2ygk]

Hi @cakemanny . It've read your PR and I think it's great, but I'm not part of DOT team (https://jazzband.co/projects/django-oauth-toolkit)

@tonial It would be great to have you join!

[n2ygk]

@cakemanny Did you add this test? It's still listed as an open review item. It looks like you did. I'll work on approving this:

@cakemanny thanks for contributing this PR. This is a valuable performance feature. Please add a test that confirms that jwk_from_pem is caching. It'll save us from a mistake where someone accidentally removes the @functools.lru_cache() decorator.

The requested change was made.