Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#18231) - matrix/thirdparty/synapse.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	reivilibre <oliverw@element.io>	2025-04-01 13:31:19 +0000
committer	GitHub <noreply@github.com>	2025-04-01 14:31:19 +0100
commit	1709234311d2395d4dd432b997db387bade1c677 (patch)
tree	2a0284c3c7b3151981dbf51a6f4ef53e43b86de6 /docs/usage/configuration/config_documentation.md
parent	Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#18304) (diff)
download	synapse-1709234311d2395d4dd432b997db387bade1c677.tar.xz

Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#18231)

Evolution of
https://github.com/element-hq/synapse/commit/cd78f3d2ee15ccf3e8229a1f529e0e2c16e15c45

This cache does not have any explicit invalidation, but this is deemed
acceptable (see code comment).

We may still prefer to add it eventually, letting us bump up the
Time-To-Live (TTL) on the cache as we currently set a 2 minute expiry
to balance the fact that we have no explicit invalidation.


This cache makes several things more efficient:

- reduces number of outbound requests from Synapse, reducing CPU
utilisation + network I/O
- reduces request handling time in Synapse, which improves
client-visible latency
- reduces load on MAS and its database


---

Other than that, this PR also introduces support for `expires_in`
(seconds) on the introspection response.
This lets the cached responses expire at the proper expiry time of the
access token, whilst avoiding clock skew issues.

Corresponds to:
https://github.com/element-hq/matrix-authentication-service/pull/4241

---------

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

Diffstat (limited to 'docs/usage/configuration/config_documentation.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: