Expand description
Shared LRU cache for federated access tokens.
Tokens returned from a remote’s /api/auth/access-token endpoint are
HS256-signed with the remote’s secret and valid for ACCESS_TOKEN_EXPIRY
(currently 3600s). Without caching, every cross-instance HTTP request
triggers a fresh proxy-token exchange (P384 verify + HS256 sign on the
remote). This cache amortises that cost across multiple requests to the
same remote.
The cache lives on AppState (not on Request) so that any code path
that talks to a remote tenant — file sync, profile sync, future instant
messaging, etc. — can share the same warm token pool.
Structs§
- Proxy
Token Cache - LRU-bounded cache of access tokens keyed on (local tn_id, remote id_tag).