googleapis / google-oauth-java-client

I filed a ticket with Google Support recently with an issue regarding the CacheLoader in IdTokenVerifier. They there might be issues where a request timeout could result in caching an empty Map instead of a null result.

google-oauth-java-client/google-oauth-client/src/main/java/com/google/api/client/auth/openidconnect/IdTokenVerifier.java

Lines 166 to 169 in ca216f9

    
           this.publicKeyCache = 
        
               CacheBuilder.newBuilder() 
        
                   .expireAfterWrite(1, TimeUnit.HOURS) 
        
                   .build(new PublicKeyLoader(transport));

What I see in my stack is the following

ERROR_MSG=Could not find PublicKey for provided keyId: xxxxxx][STACK=com.google.api.client.auth.openidconnect.IdTokenVerifier$VerificationException: Could not find PublicKey for provided keyId:xxxxxx|	at com.google.api.client.auth.openidconnect.IdTokenVerifier.verifySignature(IdTokenVerifier.java:280)

This error persists for about an hour, before resolving itself. Which is in line with the expiration of the cache.

	this.publicKeyCache =
	CacheBuilder.newBuilder()
	.expireAfterWrite(1, TimeUnit.HOURS)
	.build(new PublicKeyLoader(transport));

Issue with IdTokenVerifier cache