Not able to get updated custom attribute from acce...

Feroz_Mahammad · 03-31-2017 10:37 PM

My use case is add a custom attribute in proxy 1 using SetOAuthV2Info policy and get the same custom attribute in proxy 2 using OAuthV2 (VerifyAccessToken). There is a gap of few seconds in those 2 actions. As per the trace on Proxy 1, I could see that the attribute is added successfully to the access token. But as per trace on Proxy 2, not able to see that attribute as part of call 1 and able to see it in call 2. Didn't understand why? Is it not dynamic? Is there any delay in getting the custom attribute updated? Any help on this issue would be greatly appreciated.

Feroz_Mahammad

One more observation here. I am able to extract the added/updated custom attributes using GetOAuthV2Info all the time where as failing to extract intermittently using OAuthV2 (VerifyAccessToken). Any reason for this behaviour?

akoo

Hello @Mahammad Feroz,

There is a default 'delay' of 180 seconds in a Message Processor(MP). It's actually a cache feature that is enabled so that the MP is snappy with getting information on an access token. You could try modifying the delay down to a lower value, but you will want to keep in mind that the performance of using access tokens will be compromised slightly since instead of using local MP cache, the MP will need to go to Cassandra to request the information.

Does this help?

Report Inappropriate Content

@Alex Koo, Is there any possible way to enforce cache refresh when ever we try to update the access token? If not then by lowering cache refresh value, how much increase in latency will be observed?

alexkoo

Unfortunately there is not-- you will need to tweak the caching TTL (specifically, conf_keymanagement_kms_cache_memory_element_enable=false). The increase in latency to go to C* will vary depending on your infrastructure architecture.

If you have the option, please try and see if performance is good.

Not able to get updated custom attribute from access token