fix: using caching for jwks

sattvikc · sattvikc · commit c3af4e334550 · 2022-07-18T13:35:26.000+05:30
diff --git a/recipe/thirdparty/providers/apple.go b/recipe/thirdparty/providers/apple.go
@@ -23,7 +23,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/MicahParks/keyfunc"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/supertokens/supertokens-golang/recipe/thirdparty/api"
 	"github.com/supertokens/supertokens-golang/recipe/thirdparty/tpmodels"
@@ -177,16 +176,8 @@ func verifyAndGetClaimsAppleIdToken(idToken string, clientId string) (jwt.MapCla
 	// Get the JWKS URL.
 	jwksURL := "https://appleid.apple.com/auth/keys"
 
-	// Create the keyfunc options. Refresh the JWKS every hour and log errors.
-	options := keyfunc.Options{
-		// https://github.com/supertokens/supertokens-golang/issues/155
-		// This causes a leak as the pointer to JWKS would be held in the goroutine and
-		// also results in compounding refresh requests
-		// RefreshInterval: time.Hour,
-	}
-
 	// Create the JWKS from the resource at the given URL.
-	jwks, err := keyfunc.Get(jwksURL, options)
+	jwks, err := getJWKSFromURL(jwksURL)
 	if err != nil {
 		return claims, err
 	}
diff --git a/recipe/thirdparty/providers/googleWorkspaces.go b/recipe/thirdparty/providers/googleWorkspaces.go
@@ -19,7 +19,6 @@ import (
 	"errors"
 	"strings"
 
-	"github.com/MicahParks/keyfunc"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/supertokens/supertokens-golang/recipe/thirdparty/api"
 	"github.com/supertokens/supertokens-golang/recipe/thirdparty/tpmodels"
@@ -139,16 +138,8 @@ func verifyAndGetClaims(idToken string, clientId string) (jwt.MapClaims, error)
 	// Get the JWKS URL.
 	jwksURL := "https://www.googleapis.com/oauth2/v3/certs"
 
-	// Create the keyfunc options. Refresh the JWKS every hour and log errors.
-	options := keyfunc.Options{
-		// https://github.com/supertokens/supertokens-golang/issues/155
-		// This causes a leak as the pointer to JWKS would be held in the goroutine and
-		// also results in compounding refresh requests
-		// RefreshInterval: time.Hour,
-	}
-
 	// Create the JWKS from the resource at the given URL.
-	jwks, err := keyfunc.Get(jwksURL, options)
+	jwks, err := getJWKSFromURL(jwksURL)
 	if err != nil {
 		return claims, err
 	}
diff --git a/recipe/thirdparty/providers/utils.go b/recipe/thirdparty/providers/utils.go
@@ -21,6 +21,10 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"sync"
+	"time"
+
+	"github.com/MicahParks/keyfunc"
 )
 
 func doGetRequest(req *http.Request) (interface{}, error) {
@@ -47,3 +51,30 @@ func doGetRequest(req *http.Request) (interface{}, error) {
 	}
 	return result, nil
 }
+
+var jwksKeys = map[string]*keyfunc.JWKS{}
+var jwksKeysLock = sync.Mutex{}
+
+func getJWKSFromURL(url string) (*keyfunc.JWKS, error) {
+	if jwks, ok := jwksKeys[url]; ok {
+		return jwks, nil
+	}
+
+	jwksKeysLock.Lock()
+	defer jwksKeysLock.Unlock()
+
+	// Check again to see if it was added while we were waiting for the lock
+	if jwks, ok := jwksKeys[url]; ok {
+		return jwks, nil
+	}
+
+	options := keyfunc.Options{
+		RefreshInterval: time.Hour,
+	}
+	jwks, err := keyfunc.Get(url, options)
+	if err != nil {
+		return nil, err
+	}
+	jwksKeys[url] = jwks
+	return jwks, nil
+}
