JWT cache in L1 and L2

Google Cloud Apigee
1

Hi,

We are caching JWT for 20 minutes, which has custom Payload data per my use case added into Payload, when even JWT is generated.

Per docs cache stored in L1 for a second and later store in Cassandra DB (L2) encrypted)

Q1: When i do the Invalidate cache for JWT (before 20 minutes) will JWT cached details gets deleted from both L1 and L2 ? due to listed Invalidate cache ?

Q2: When i set expiry for JWT to 10 minutes. In such case its not store in apigee.

@dino

2 Likes
Community Tech Talk: Community Q&A Live: Answering Your Forum Questions - Nov 20
2

Hi!

Matt Hartmann (Customer Engineer for Apigee), answered this question live during one of our community tech talks. Check it out! :right_arrow: Community Tech Talk: Community Q&A Live: Answering Your Forum Questions - Nov 20

If you want to continue learning with the Apigee experts, don’t miss the upcoming session this Thursday, December 4th, with @omidt at 4 pm CET (10 am NY time)

Reserve your spot for the Community Q&A Live :backhand_index_pointing_right:t3: Apigee & Application Integration Tech Talks

3

Yes. I assume you are speaking of the PopulateCache and LookupCache policies, and maybe InvalidateCache. The L1 and L2 stuff is implementation details; you should not need to concern yourself with that. When you use InvalidateCache, the cache item is invalidated. Full stop. This is independent of the contents of the cache entry - whether it is a JWT or not is irrelevant.

I don’t quite understand what you’re saying or asking here. This is what I got:: you are saying: when the specific payload of the JWT has an expiry of 10 minutes… the Apigee cache is not working as you expect. This does not make sense. Those two things are independent. If you are using the PopulateCache policy to insert things into the cache, then the expiry of the cache item is independent of the exp claim in the JWT.

A possible way these two things could be related is if your API proxy performs “manual” TTL Calculation for the cache entry, derived from the JWT payload exp claim. But if that is what you are doing, then it sounds like the cause of the problem you are observing would be an arithmetic or logical error in your API Proxy.

If you can clarify what you want, or the problem you are seeing, I might be able to help further.