Having issue with "store to cache/lookup cache" assertions during token validation
search cancel

Having issue with "store to cache/lookup cache" assertions during token validation

book

Article ID: 274382

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We have logic to validate the incoming token during token validation gateway, Gateway will validate the token(issuer, scope, audience, expiry), and once successfully validated it will store the token into a cache till the token expiry time.

From the second request onwards with the same token, the token will be fetched from cache(if available), then proceed further.

Now we have an issue,  if we have continuous requests with the same token, it is getting fetched from cache(though the token is expired, but it should not as the token will be available till it expiration time in cache)

Environment

Release : 10.1

Resolution

The Age value of the cache  is for all entries for this cache ID , the cache does not remove expired entries directly it just check the timestamp and compare it with  the max age.

When using token with different expire times you can not rely on the cache entry max age only this value should be fixed.

So if the key is already expired but still not removed from the cache or overwritten due to max entries , updating the age value of the cache will impact all existing cache entries even one's which are already expired .

This means you always should perform a check on the retrieved token to determine the real expiration time , you can depend on the cache timeout for this unless the expire time is the same for all entries in the cache .