Istio come with out of the box ability to validate the JWT tokens that comes inside a client request header. And we were able to sucessfully use the RequestAuthentication policy.
My query was if we can cache the JWT tokens at the ingress gateway for improved performance. Can you provide some pointers on how this can be done.
Can you clarify a little bit what exactly you want to cache? The process of validating a JWT token? And what is the cache key for your use case?
@YangminZhu We are trying to cache the JWT tokens at the istio ingress gateway. If the token is valid, we want to cache these tokens so that the subsequent requests passing through the gateway are faster and will give better performance. The token once expired needs to be refreshed. My question was ,is this automatically handled by the Istio Ingress gateway or we need special handling. How do we handle the token refresh workflow?
Is this possible or should we be using some other ingress
Did anyone find a solution for this?
the Envoy JWT filter has now supported caching the JWT token validation in Add Jwt cache. by mk46 · Pull Request #14341 · envoyproxy/envoy · GitHub. We could evaluation and enable it in Istio by default if it’s stable and reliable enough for production usage.
cc @mathaj