fix(auth0): use stable sub claim as cache key instead of refresh token

Auth0 rotates refresh tokens on each use, causing cache misses every
time. Use the user's sub claim from the ID token as the cache key
instead, which is stable per user.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
Jonathan Roebuck
2026-04-02 11:35:00 +01:00
committed by Jack Palmer
parent b3bbd42f91
commit ca3ef847f5
@@ -138,7 +138,10 @@ export function createAuth0Authenticator(options?: { cache?: CacheService }) {
input.scope,
);
const cacheKey = `auth0-profile:${input.refreshToken}`;
const sub = JSON.parse(
Buffer.from(result.params.id_token.split('.')[1], 'base64').toString(),
).sub;
const cacheKey = `auth0-profile:${sub}`;
let fullProfile = (await profileCache?.get(cacheKey)) as
| PassportProfile
| undefined;
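Review bot: `sub` goes into the cache key unchecked, so an ID token payload without a string `sub` produces the key `auth0-profile:undefined`, and every such session would read and write the same cached profile. A missing or malformed `id_token` in `result.params` would instead surface as a raw TypeError or SyntaxError from `split` / `JSON.parse`. Validate before building the key, e.g. `if (typeof sub !== 'string' || sub.length === 0) throw new Error('Auth0 refresh response has no usable sub claim');`, or bypass the cache for that request. Decoding with `'base64url'` instead of `'base64'` would state the JWT segment encoding explicitly. The payload is read without signature verification, which is presumably acceptable because the token comes directly from the token endpoint, but a short comment saying so would help; the enclosing function starts and ends outside the hunk.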