Behaviour for caching JWKS (JSON Web Key Sets) fetched from platform endpoints.
The default implementation is Ltix.JWT.KeySet.EtsCache, which uses an ETS
table. A Ltix.JWT.KeySet.CachexCache adapter is also provided for projects
that already use Cachex.
Custom Implementations
Implement this behaviour to use your own cache backend:
defmodule MyApp.JWKSCache do
use Ltix.JWT.KeySet.Cache
@impl true
def get(jwks_uri), do: ...
@impl true
def put(jwks_uri, keys, max_age), do: ...
@impl true
def delete(jwks_uri), do: ...
endThen configure it:
config :ltix, :jwks_cache, MyApp.JWKSCacheOr pass per-call:
Ltix.JWT.KeySet.get_key(registration, kid, cache: MyApp.JWKSCache)Summary
Callbacks
Remove a cached entry for a JWKS URI.
Look up cached keys for a JWKS URI.
Store keys for a JWKS URI with a TTL.
Callbacks
@callback delete(jwks_uri :: String.t()) :: :ok
Remove a cached entry for a JWKS URI.
Called before re-fetching on a key ID miss (key rotation).
Look up cached keys for a JWKS URI.
Returns {:ok, keys} where keys is %{kid => JOSE.JWK.t()},
or :miss if the entry is absent or expired.
@callback put(jwks_uri :: String.t(), keys :: map(), max_age :: non_neg_integer()) :: :ok
Store keys for a JWKS URI with a TTL.
max_age is the number of seconds the entry should be considered fresh,
derived from the cache-control: max-age HTTP header. A value of 0
means no caching.