diff --git a/docs/modules/ROOT/pages/documentation/microprofile/jwt.adoc b/docs/modules/ROOT/pages/documentation/microprofile/jwt.adoc index 68b8e306..0c393220 100644 --- a/docs/modules/ROOT/pages/documentation/microprofile/jwt.adoc +++ b/docs/modules/ROOT/pages/documentation/microprofile/jwt.adoc @@ -196,6 +196,16 @@ NOTE: This property has to be defined in the `payara-mp-jwt.properties` configur IMPORTANT: Keep in mind that tokens which are missing their type claim and are propagated to other services running on other Eclipse MicroProfile runtimes might be rejected, as the specification mandates the inclusion of the claim. +=== Caching the Public Key + +_Since Payara Platform 5.2021.1_ + +By default, the public key retrieved by the `mp.jwt.verify.publickey.location` configuration property will be cached in memory for 5 minutes after being read from either a local file or a remote location. You can modify this _"time-to-live"_ which determines how long the key stays cached in memory in the case you are dealing with long-lived keys, this is done by setting the `publicKey.cache.ttl` custom property. + +NOTE: This property has to be defined in the `payara-mp-jwt.properties` configuration file described in the previous section. + +IMPORTANT: The value of the `publicKey.cache.ttl` property is defined in milliseconds, so keep this in mind when modifying the property + == Activating JWT Authentication An application activates the JWT authentication mechanism and identity store by annotating a class in the application, for instance, the JAX-RS `Application` class, with `@LoginConfig(authMethod = "MP-JWT")`. @@ -252,4 +262,4 @@ The out-of-the-box support of `@RolesAllowed` for JAX-RS resources can be switch Two full examples of using JWT authentication with a JAX-RS endpoint as well as a Servlet resource are provided here: -* https://github.com/javaee-samples/microprofile1.2-samples/tree/master/jwt-auth \ No newline at end of file +* https://github.com/javaee-samples/microprofile1.2-samples/tree/master/jwt-auth