Memory-efficient way of retrieving `/.well-known/jwks.json` when instance has large number of Keys

[seanadkinson]

Memory-efficient way of retrieving /.well-known/jwks.json when instance has large number of Keys

Problem

We have 2983 Applications in our instance, and 8375 keys in Key Master. When requesting /.well-known/jwks.json, we are getting 100k lines of JSON, and currently getting an OOM error when parsing.

Solution

We need a memory-efficient way of retrieving these keys. Could that result set be paged? Any query params available to specify a subset of keys, if we happen to know the ones we want? I'm not sure if that's feasible, but just looking for ideas/options.

Alternatives/workarounds

We can increase memory and solve in the short term, but would you have any recommendations for a longer-term fix?

Additional context

Each one of our Customers is created as an Application in FusionAuth. As mentioned above, we have almost 3k customers. The server that was retrieving jwks.json is a dropwizard service running in docker with 1gb of memory. We have increased this to 2gb to avoid the error for now, but eventually we'll need a memory-efficient solution.

Related issues:

• Pagination for everyone! And all things! #374

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

[mooreds]

Would letting you filter by client_id work? What would be your ideal solution?

I looked at the JWKS spec and it doesn't say anything about pagination or filtering, just that any set of keys returned needs to fit a certain format: https://www.rfc-editor.org/rfc/rfc7517