feat(jans-cedarling): add CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_MAX bootstrap property by olehbozhok · Pull Request #14106 · JanssenProject/jans

[coderabbitai[bot]](/apps/coderabbitai)

@olehbozhok

…ck interval

Previously, the Status List JWT was refreshed only when its payload carried a ttl claim. If the issuer omitted ttl, the list was fetched once at startup and never refreshed, so revoked tokens stayed valid in the cache for the lifetime of the process. The in-loop fallback was also a hardcoded 600s.

Replace that magic number with a new bootstrap property CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK (default 300 s).

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

@olehbozhok

Add CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK to the bootstrap properties reference and a new "Status List Refresh Cadence" section in the JWT validation reference explaining the JWT-ttl vs. bootstrap-fallback precedence.

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

@olehbozhok

Spell out that non-zero CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK values below 5 seconds are clamped up to 5 seconds, and that the clamp only applies to the fallback path (Status List JWT without a ttl claim).

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

@olehbozhok

… test

The from_env assertion was bare while the sibling assertions in the same module carry descriptive messages. Add one here so a regression surfaces the intent of the check rather than just 120 != actual.

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

@olehbozhok

… call site

The bootstrap deserializer already normalizes CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK, but JwtConfig is a public struct that callers can construct programmatically and bypass that normalization, which could feed a 0 or sub-floor value into the refresh loop and create a tight scheduling cycle.

Clamp the value to MIN_STATUS_LIST_REFRESH_SECS where the loader hands it to StatusListCache::init_for_iss, so the production path is always safe while internal callers (tests) can still pass small values directly to the cache for fast verification.

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

[coderabbitai[bot]](/apps/coderabbitai)

@olehbozhok

The "0 -> default, sub-floor -> floor" rule for CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK lived in two places: the bootstrap deserializer and the trusted-issuer-loader call site. They agreed today, but were easy to drift apart on the next change.

Move the rule into a single normalize_status_list_refresh_interval_fallback helper and expose a JwtConfig::normalize method that applies all such invariants in place. JwtService::new now calls normalize once on the incoming config so programmatic callers cannot bypass the bootstrap deserializer's normalization. Downstream call sites (loader, cache) simply trust the already-normalized value.

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

dagregi

dagregi previously approved these changes May 19, 2026

haileyesus2433

@olehbozhok

Rename CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK to CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_MAX and flip its semantics from "fallback when JWT has no ttl" to "upper bound on the refresh interval". When the Status List JWT carries a ttl, the effective refresh interval is now min(jwt_ttl, MAX) so issuers can request more frequent refreshes but never a less frequent one. When ttl is absent, the MAX value is used directly.

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

@olehbozhok

Reflect the rename from CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK to CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_MAX and the new capping semantics: the effective refresh interval is min(jwt_ttl, MAX).

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

[coderabbitai[bot]](/apps/coderabbitai)

olehbozhok changed the title from "feat(jans-cedarling): add CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_FALLBACK bootstrap property" to "feat(jans-cedarling): add CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_MAX bootstrap property"

May 19, 2026

@olehbozhok

[coderabbitai[bot]](/apps/coderabbitai)

@olehbozhok

Internal StatusListUpdateCtx and InitForIssArgs now carry the refresh interval and effective sleep as Duration instead of raw u64 seconds. A helper effective_refresh_interval centralizes the min(jwt_ttl, refresh_interval_max) cap, with refresh_interval_max used directly when the JWT omits ttl.

Status list cache tests use sub-second Duration caps so the refresh loop drives ticks at 200ms instead of 1s, cutting cache suite from ~3.0s to ~0.7s. Adds refresh_capped_when_jwt_ttl_exceeds_max covering the cap path where JWT ttl exceeds the configured max.

The bootstrap config field remains seconds; the loader converts at the call site, so user-facing configuration is unchanged.

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com
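
The refresh-interval rules described across the commits above, collected into one runnable sketch. This is an added example, not the PR's code: `normalize_refresh_interval_max`, `interval_for` and `DEFAULT_REFRESH_INTERVAL_MAX_SECS` are hypothetical names, and it assumes the "0 -> default, sub-floor -> floor" rule stated for the FALLBACK property still applies after the rename to MAX.

```rust
use std::time::Duration;

// Values from the commit messages: default 300 s, floor 5 s.
// MIN_STATUS_LIST_REFRESH_SECS is named in the PR; the other name is hypothetical.
const DEFAULT_REFRESH_INTERVAL_MAX_SECS: u64 = 300;
const MIN_STATUS_LIST_REFRESH_SECS: u64 = 5;

/// Normalize the configured cap: 0 -> default, non-zero below the floor -> floor.
/// Assumption: this rule carries over from FALLBACK to the renamed MAX property.
fn normalize_refresh_interval_max(secs: u64) -> u64 {
    match secs {
        0 => DEFAULT_REFRESH_INTERVAL_MAX_SECS,
        s if s < MIN_STATUS_LIST_REFRESH_SECS => MIN_STATUS_LIST_REFRESH_SECS,
        s => s,
    }
}

/// min(jwt_ttl, max) when the Status List JWT carries a ttl; max when it is absent.
/// The issuer can ask for more frequent refreshes, never less frequent ones.
fn effective_refresh_interval(jwt_ttl: Option<Duration>, max: Duration) -> Duration {
    jwt_ttl.map_or(max, |ttl| ttl.min(max))
}

/// Seconds in (as in the bootstrap config), Duration out (as in the refresh loop).
/// Only the configured value is floored in this sketch; a small ttl passes through.
fn interval_for(configured_max_secs: u64, jwt_ttl_secs: Option<u64>) -> Duration {
    let max = Duration::from_secs(normalize_refresh_interval_max(configured_max_secs));
    effective_refresh_interval(jwt_ttl_secs.map(Duration::from_secs), max)
}

fn main() {
    // Constructed cases: (configured MAX in seconds, ttl claim in seconds if present).
    let cases = [
        (300, None),         // no ttl: previously never refreshed, now every MAX
        (300, Some(86_400)), // long issuer ttl is capped by MAX
        (300, Some(60)),     // shorter issuer ttl wins
        (0, None),           // 0 falls back to the default
        (2, None),           // sub-floor value is raised to the floor
        (120, Some(600)),
    ];
    for (max, ttl) in cases {
        println!("max={max:>3}s ttl={ttl:?} -> refresh every {:?}", interval_for(max, ttl));
    }
}
```

The returned interval is also the upper bound on how long a revoked token can remain accepted from the cached status list between refreshes.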

dagregi

dagregi previously approved these changes May 20, 2026

@olehbozhok

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

[coderabbitai[bot]](/apps/coderabbitai)
