Support distributed cache access token when introspection
tinhtn1508 opened this issue · comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Network project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
Currently I'm using ory oathkeeper & hydra for my project. The our traffic is approximately 1400 RPS, so I deployed ~10 pods ory oathkeeper (GKE) to serve them. And I'm facing a problem:
- I can not revoke actively the token when apply cache.
My use case: I need to revoke access token after user logout, change password, forgot password or ban account. The access token should be invalid immediately.
Describe your ideal solution
Use distributed cache such as redis
Workarounds or alternatives
I implemented redis cache for my use case. When a token is introspected successfully, I cached the active token by subject.
When users logout, change password or forgot password, I'll delete this cache by subject.
Version
v0.40.0
Additional Context
No response