What are some ways in which one can avoid making round trips to the auth server from within an app?
I have the following layout:
- Hydra
- Login Service
- API Service - GraphQL (JWT tokens would be great)
- Apps (Web app, Mobile App, Another Web App)
As per my setting, I get back:
```elixir
%OAuth2.Client{
  authorize_url: "http://localhost:4444/oauth2/auth",
  client_id: "12345678",
  client_secret: "XfdnUngYVyBVkxvx0hOTU+8jR5zTVUR4LLx97/xJghvH7fwdyCrWzom3Lg35Fp4J",
  headers: [],
  params: %{},
  redirect_uri: "http://localhost:4010/api/callback",
  ref: nil,
  request_opts: [],
  serializers: %{"application/json" => Jason},
  site: "http://localhost:4000",
  strategy: MyAppStrategy,
  token: %OAuth2.AccessToken{
    access_token: "jB38sKsU_Gdxi3BSKp-3QsRJlItPApy6I5LWQhfIApM.86X0n1WFCD7kVJUQtCNGc7MRBD-NhZ35CpBDuCL02-0",
    expires_at: 1591128048,
    other_params: %{
      "id_token" => "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzphNjkzYWIzYy1hNzI4LTQ3MTctYTI3NS04MmY1MjNiNDMyZWIiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiVEZGaU1pOVpWLUhHUVJ5ZWlNNkM3USIsImF1ZCI6WyIxMjM0NTY3OCJdLCJhdXRoX3RpbWUiOjE1OTExMjQ0MzAsImV4cCI6MTU5MTEyODA0OCwiaWF0IjoxNTkxMTI0NDQ4LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQ0NDQvIiwianRpIjoiMmMzYTU3NzgtZTZjZS00MTc5LWJkN2EtZmQyMTUwYTFlNGMxIiwibm9uY2UiOiIiLCJyYXQiOjE1OTExMjQzNTUsInNpZCI6IjhhMTc0MzRiLWVhYWUtNGNlMC1iNjFjLWQ0NWQyMmQzYmZhMyIsInN1YiI6ImY2YjkzZTcyNTQ2NDRiNmE5YWMwMzBiMGU5MWY0ZGRhIn0.Hwc-_uQE9cByvSJsCs5o-dtibjhk8Q0pir6El7RwrBiVaAgOCTfuc2KSn7Dmyz7oblhkbquO-JXXeXncSP5Df9WbKTq5OEOnLSRq2U2Cwt_7Fc4fyG4pwSnSpxmxKR1es_alplefEt_5dVK-g6TeulDweXwb9zjKGG6XDCes9IEwSc-Bxt8XHJVou4RfdebUNRkhJgfy06B0gH_s0E0jNDa0HMeWe84Tqqx5Bkb3CRljd9RqUmBluaZ8crcg_CxRBz1y3y00QRV_pPm7draNsBiK4x_cdd6dhj7tgE3v4ASMfU7v2rhT47mJzYP0NtE3frQERX6IXgNw6A72mrNsHTIxUeMzm9lQk1GcGjxLJbMxQGIAbnjaSwnd4iWpsxYmwkrBQVVJBcm9TQS0Rfh9n6FfOYPO3PIzZItSXC9oK5cf9N_-EDUpJOathEw4dqgpGVyxuuDgP0tnKMZJ08xPdcF0wMEcNmKUmacrsJySAGLiAbLk1D3CVEdmJcqMof3Rbbu9sWuKudjhR0487TCzxav02YpNH62SyFAFhA5oHmtYLKK4LlipJP9YQmnyae0xqwKgxOjSXlxmgJ6JqE0ISuwC4yS8XKtZ2snBbr0rnRCE9hoq_71qU8WEM17E1QfxIyOfX9dg8yORSLyk6NktwQghy9x_YkMlAm3WqJpwhyg",
      "scope" => "dashboard offline_access openid"
    },
    refresh_token: "3RE5SUzHYV8ZsQGNwmmmZ7wgGHycIXEB3Sxjkn_84BE.RTctTBFJ2ty477-awUxb99zk8aqhAHbcqMJBtkTKiGg",
    token_type: "Bearer"
  },
  token_method: :post,
  token_url: "http://localhost:4444/oauth2/token"
}
```
What are some best practices around how I can avoid making calls to the Hydra server to check each time a code is supplied?
Would it make sense to have short-lived caches for the token supplied?
Is it a better option to save the JWT?
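
The short-lived cache asked about above, sketched as an added example that is not part of the original post or of any project's code. The module name `TokenCache`, the 30-second bound and the `introspect_fun` callback (a stand-in for whatever call asks the auth server about a token) are assumptions; the response shape follows RFC 7662.

```elixir
defmodule TokenCache do
  @moduledoc """
  Added example: short-lived cache for token introspection results.
  `introspect_fun` is a hypothetical callback that asks the auth server about a
  token and returns a map shaped like an RFC 7662 response
  (%{"active" => boolean, "exp" => unix_seconds}).
  """
  @table :token_cache
  @max_ttl 30  # seconds; upper bound on how long a revoked token stays accepted

  def init, do: :ets.new(@table, [:named_table, :public, :set, read_concurrency: true])

  def check(token, introspect_fun, now \\ System.system_time(:second)) do
    key = :crypto.hash(:sha256, token)  # never keep the raw bearer token in the cache

    case :ets.lookup(@table, key) do
      [{^key, claims, fresh_until}] when fresh_until > now ->
        {:ok, claims}

      _ ->
        :ets.delete(@table, key)
        refresh(key, introspect_fun.(token), now)
    end
  end

  defp refresh(key, %{"active" => true, "exp" => exp} = claims, now) when exp > now do
    # Cache until the token expires or @max_ttl elapses, whichever is sooner.
    :ets.insert(@table, {key, claims, min(exp, now + @max_ttl)})
    {:ok, claims}
  end

  # Inactive, expired or malformed answers are rejected and never cached.
  defp refresh(_key, _response, _now), do: {:error, :inactive}
end

# Constructed demo: the fake introspection counts how often it is called.
TokenCache.init()
{:ok, calls} = Agent.start_link(fn -> 0 end)
now = 1_591_124_448
fake = fn _token ->
  Agent.update(calls, &(&1 + 1))
  %{"active" => true, "exp" => now + 3600, "sub" => "constructed-subject"}
end

{:ok, _} = TokenCache.check("constructed-token", fake, now)
{:ok, _} = TokenCache.check("constructed-token", fake, now + 10)   # served from cache
{:ok, _} = TokenCache.check("constructed-token", fake, now + 45)   # TTL elapsed, asks again
2 = Agent.get(calls, & &1)
```

The trade-off is that a token revoked at the auth server keeps being accepted for up to `@max_ttl` seconds, so the bound should match how quickly revocation has to take effect.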