Cadoles/bouncer
10
0
Fork 0
Code Issues 1 Pull Requests Projects Releases 6 Wiki Activity

feat: cache oidc.Provider to reduce pressure on OIDC identity provider (#47)
All checks were successful
Cadoles/bouncer/pipeline/pr-develop This commit looks good
Details

Browse Source
This commit is contained in:
wpetit
2025-03-07 10:11:37 +01:00
committed by wpetit
parent 076a3d784e
commit 2df74bad4f
5 changed files with 45 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
internal/proxy/director/layer/authn/oidc/authenticator.go
View File

@ -13,6 +13,7 @@ import (
"time"
"forge.cadoles.com/Cadoles/go-proxy/wildcard"
"forge.cadoles.com/cadoles/bouncer/internal/cache"
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
"forge.cadoles.com/cadoles/bouncer/internal/store"
@ -27,6 +28,7 @@ type Authenticator struct {
store sessions.Store
httpTransport *http.Transport
httpClientTimeout time.Duration
oidcProviderCache cache.Cache[string, *oidc.Provider]
}
func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request, layer *store.Layer) error {
@ -378,15 +380,23 @@ func (a *Authenticator) getClient(options *LayerOptions, redirectURL string) (*C
Transport: transport,
}
ctx = oidc.ClientContext(ctx, httpClient)
provider, exists := a.oidcProviderCache.Get(options.OIDC.IssuerURL)
if !exists {
var err error
ctx = oidc.ClientContext(ctx, httpClient)
if options.OIDC.SkipIssuerVerification {
ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
}
if options.OIDC.SkipIssuerVerification {
ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
}
provider, err := oidc.NewProvider(ctx, options.OIDC.IssuerURL)
if err != nil {
return nil, errors.Wrap(err, "could not create oidc provider")
logger.Debug(ctx, "refreshing oidc provider", logger.F("issuerURL", options.OIDC.IssuerURL))
provider, err = oidc.NewProvider(ctx, options.OIDC.IssuerURL)
if err != nil {
return nil, errors.Wrap(err, "could not create oidc provider")
}
a.oidcProviderCache.Set(options.OIDC.IssuerURL, provider)
}
client := NewClient(