Module oidc_cache 

Process-wide cache of OIDC discovery documents. The cache is populated lazily on first use of an oidc_issuer-configured provider and never invalidated — the discovery doc is meant to be stable for the lifetime of the process. If the IdP changes endpoints (rare), restart the server.

Functions

resolve

Resolve an issuer URL into a ResolvedSpec. On cache miss fetches <issuer>/.well-known/openid-configuration over HTTPS and parses it. The cache key is the issuer URL exactly as supplied — pylon does NOT canonicalize trailing slashes so the caller controls cache keying.