Cache Remote JWKS Fetch #334
Labels
enhancement
New feature or request
Comments
|
I see the problem, I think we should able to move that to when you initialize the SDK instead of on every session load. Will look into fixing this soon. |
thanks for looking into this! would appreciate if you can prioritize this for us. |
|
We ran into this when we noticed the JWKS call was taking up 30-45% of our request processing time. For now we've worked around it by adding the following to our initializer ( # We load and authenticate the sealed session each request.
# Just loading the JWKS to verify the token was taking up 30% of our server request time!
#
# Cache this for 5 minutes to stop having to do that on every request.
# Ideally we'd cache longer and just update it if we triggered a validation error
module CacheJWKSet
private
def create_remote_jwk_set(uri)
Rails.cache.fetch("workos-jwk-set", expires_in: 5.minutes) do
super
end
end
end
WorkOS::Session.prepend(CacheJWKSet) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the Ruby SDK,
WorkOS::UserManagement.load_sealed_sessionseems to fetch the remote JWKS on every load, adding about 100ms to each authenticated request.We use Rails and for every authenticated request, we call
authorize_requestwhich does the following:After implementing WorkOS, we realized all of our authenticated endpoints now take 100ms longer on the backend. It took some digging through our Sentry profiles to find that
create_remote_jwk_setwas called repeatedly:workos-ruby/lib/workos/session.rb
Line 26 in 8c401c2
We host our services on Render.com on GCP's
oregon-1region.Please advise if there is a better way to authenticate the token or if improvements can be made to the SDK. Thanks!
The text was updated successfully, but these errors were encountered: