The APIML collects revoked tokens (if a user calls the logout endpoint) and should distribute them between all instances. It works well if all services are in good shape, but there are a couple of situations where the distribution is broken.
- Start 2 instances of GW / ZAAS
- Log out X on instance A (it is distributed to instance B - correct)
- Stop instance B
- Log out Y on instance A (the distribution is not done, because instance B is down)
- Start instance B
- Instance B should ask instance A for the redistribution of tokens - it is not implemented
- Stop instance A
- Token X is invalid, but token Y is valid
There is also a question about the requirement for a certificate for calling the endpoints. It should be allowed only to the APIML certificate, but it looks like the client ones are accepted as well.
Solution A:
- After startup and loading Eureka instances, the GW / ZAAS should ask all other instances for the distribution of all tokens
- The certificate for endpoints (/gateway/api/v1/auth/distribute/** and /gateway/api/v1/auth/invalidate/**) should be restricted only to the APIML cert
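The reproduction steps above and Solution A, modelled as an added simulation (this is not code from the API ML code base): two instances push revoked tokens to each other on logout, a push to a stopped peer is silently lost, and the "ask all other instances after startup" step decides whether token Y is still accepted. The method names `invalidate`/`distribute` mirror the two endpoints named in the issue, the certificate check is reduced to comparing a caller CN against an assumed APIML CN value, and the retry-free error handling is a deliberate copy of the gap being described.

```python
"""Simulation of revoked-token distribution between two API ML instances (added example)."""
from dataclasses import dataclass, field

APIML_CERT_CN = "apiml"  # assumed CN of the APIML server certificate (placeholder)


class Forbidden(Exception):
    """Caller presented a certificate that is not the APIML one."""


@dataclass
class Instance:
    name: str
    peers: list = field(default_factory=list)
    revoked: set = field(default_factory=set)  # the local copy of the revoked-token cache
    up: bool = True

    # Endpoints (hypothetical method names modelled on /auth/invalidate/** and /auth/distribute/**)
    def invalidate(self, token, caller_cn):
        """A peer pushes one revoked token to this instance."""
        self._require_apiml(caller_cn)
        self.revoked.add(token)

    def distribute(self, caller_cn):
        """A peer asks this instance for every revoked token it knows about."""
        self._require_apiml(caller_cn)
        return set(self.revoked)

    def _require_apiml(self, caller_cn):
        if not self.up:
            raise ConnectionError(f"instance {self.name} is down")
        if caller_cn != APIML_CERT_CN:  # Solution A: reject client certificates here
            raise Forbidden(f"certificate {caller_cn!r} may not call the distribution endpoints")

    # Behaviour of the instance itself
    def logout(self, token):
        self.revoked.add(token)
        for peer in self.peers:
            try:
                peer.invalidate(token, caller_cn=APIML_CERT_CN)
            except ConnectionError:
                pass  # the gap from the issue: the lost update is never retried

    def start(self, resync):
        """Restart; with resync=True perform the Solution A pull from all peers."""
        self.up = True
        if resync:
            for peer in self.peers:
                try:
                    self.revoked |= peer.distribute(caller_cn=APIML_CERT_CN)
                except ConnectionError:
                    pass

    def stop(self):
        self.up = False

    def is_valid(self, token):
        return token not in self.revoked


def run_scenario(resync_on_start):
    """Replay the issue's steps and report how instance B judges tokens X and Y at the end."""
    a, b = Instance("A"), Instance("B")
    a.peers, b.peers = [b], [a]
    a.logout("X")                      # distributed to B
    b.stop()
    a.logout("Y")                      # push to B fails and is forgotten
    b.start(resync=resync_on_start)    # Solution A step happens here, if enabled
    a.stop()                           # only B is left to validate tokens
    return {"X": b.is_valid("X"), "Y": b.is_valid("Y")}


def client_cert_rejected():
    """Solution A's second point: a client certificate must not reach the endpoints."""
    a = Instance("A")
    try:
        a.distribute(caller_cn="some-client")  # constructed non-APIML CN
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("without resync:", run_scenario(resync_on_start=False))  # Y still valid on B
    print("with resync:   ", run_scenario(resync_on_start=True))   # Y revoked on B as well
    print("client cert rejected:", client_cert_rejected())
```

Without the startup resync the simulation ends with X revoked and Y accepted on instance B, which is exactly the final step of the reproduction; with the resync enabled both tokens are revoked everywhere, and the CN check shows how the endpoint restriction would close the second point of the issue.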
Solution B:
- Replace ehCache with Infinispan and remove the code simulating a distributed cache
- It is related to "Using only one cache library in the project" (#4172)
This issue was created based on the code review of #4191
Status: Unplanned Bugs