You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by "michaeljmarshall (via GitHub)" <gi...@apache.org> on 2023/04/14 18:19:51 UTC

[GitHub] [pulsar] michaeljmarshall opened a new issue, #20108: Provide way to invalidate an AuthenticationProvider's Cache

michaeljmarshall opened a new issue, #20108:
URL: https://github.com/apache/pulsar/issues/20108

   ### Search before asking
   
   - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar.
   
   
   ### Motivation
   
   When an unexpected signing key rotation occurs, the OpenID Connect Authentication Provider will not discover the new signing key and invalidate the old signing key until its cache expires. The current solution is to restart each broker, proxy, websocket proxy, and function worker. That process creates unnecessary downtime. Ideally, we can find a solution that maximizes control of the cache without introducing unnecessary service disruptions.
   
   ### Solution
   
   One solution could be to create a way to invalidate an `AuthenticationProvider`'s cache. It would seem like we'd also need a way to force all connections to be re-authenticated. Perhaps that is best achieved by disconnecting all clients or by some other means.
   
   ### Alternatives
   
   _No response_
   
   ### Anything else?
   
   It might also make sense to update the Open ID Connect Authentication Provider's implementation to follow the cache control headers returned by the identity provider.
   
   ### Are you willing to submit a PR?
   
   - [ ] I'm willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] github-actions[bot] commented on issue #20108: Provide way to invalidate an AuthenticationProvider's Cache

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #20108:
URL: https://github.com/apache/pulsar/issues/20108#issuecomment-1547085023

   The issue had no activity for 30 days, mark with Stale label.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org