Hi Team,
In one of the use cases we were brainstorming, we have microservice endpoints that are being called from backend routines running on other servers. Based on the program logic there may be 100s of API calls within 10-20 minutes.
The APIs are protected by OKTA authentication, the access tokens are cached and being used as bearer tokens for the entire execution of the program (max 30 mins). The tokens are validated via PKCE flow (via spring boot starter).
If we understood correctly, the spring-boot-starter based integration invokes OKTA endpoints to validate (introspect) the tokens, and each time, a network call happens. Do we have any sort of caching supported at the spring level, so that when frequent requests with same bearer token is attempted, the same can be resolved without invoking external URLs for a configurable number of seconds or minutes?
Related blog: JWT vs Opaque Access Tokens: Use Both With Spring Boot | Okta Developer