# `PushX.JWTCache`
[🔗](https://github.com/cignosystems/pushx/blob/v0.11.0/lib/push_x/jwt_cache.ex#L1)

Cache for short-lived bearer tokens (currently APNS JWTs).

Reads are lock-free via a public ETS table. On a cache miss, refresh is
serialized through this GenServer to prevent a thundering-herd of JWT
generations. If the GenServer crashes, its supervisor restarts it and the
next call regenerates the token — there is no shared mutex that can be
left held, so a killed refresher cannot deadlock the cache.

# `cache_key`

```elixir
@type cache_key() :: term()
```

# `child_spec`

Returns a specification to start this module under a supervisor.

See `Supervisor`.

# `get_or_generate`

```elixir
@spec get_or_generate(
  cache_key(),
  (-> {:ok, String.t()} | {:error, term()}),
  pos_integer()
) ::
  {:ok, String.t()} | {:error, term()}
```

Returns a cached token if still fresh, otherwise asks the cache process
to generate a new one via `generate_fn` and caches it for `ttl_ms`.

`generate_fn` must return `{:ok, token}` or `{:error, reason}`.

# `invalidate`

```elixir
@spec invalidate(cache_key()) :: :ok
```

Removes a cached entry. Used when an instance is stopped.

---

*Consult [api-reference.md](api-reference.md) for complete listing*