Preload private_key in JwtTokenSource #519
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vgvoleg
approved these changes
Nov 6, 2024
LuckySting
force-pushed
the
speed-up-jwt-token-source
branch
from
25e1277 to
ee036c9
Compare
LuckySting
force-pushed
the
speed-up-jwt-token-source
branch
from
ee036c9 to
c7f7244
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR improves the performance of JWT token issuing by preloading and converting the PEM-encoded private key once during JwtTokenSource initialization instead of on every token generation.
- Preload the private key in the constructor to reduce the token creation time.
- Add a dependency check for the cryptography library.
- Modify file reading mode to binary to correctly handle PEM keys.
Comments suppressed due to low confidence (1)
ydb/oauth2_token_exchange/token_source.py:80
- [nitpick] Consider adding error handling around the PEM key conversion (i.e., load_pem_private_key) in case the provided key data is malformed to provide clearer error reporting.
if isinstance(self._private_key, str):
Comment on lines
56
to
+57
| assert jwt is not None, "Install pyjwt library to use jwt tokens" | ||
| assert load_pem_private_key is not None, "Install cryptography library to use jwt tokens" |
There was a problem hiding this comment.
Using assert for dependency checks might be bypassed in optimized mode; consider raising an explicit exception to ensure the cryptography library is available in production.
Suggested change
| assert jwt is not None, "Install pyjwt library to use jwt tokens" | |
| assert load_pem_private_key is not None, "Install cryptography library to use jwt tokens" | |
| if jwt is None: | |
| raise ImportError("Install pyjwt library to use jwt tokens") | |
| if load_pem_private_key is None: | |
| raise ImportError("Install cryptography library to use jwt tokens") |
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Loading cryptography keys from pem-encoded bytes string takes a lot of time (~250ms). Due to private_key is not changed during the life of
JwtTokenSourceit could be done only once, which would significantly speed up token issuing.Pull request type
Please check the type of change your PR introduces:
What is the current behavior?
Currently the private key is loaded on each call of
token()method, which takes ~250ms.Issue Number: N/A
What is the new behavior?
Now the private key is loaded only once in class constructor, which leads to speed up of
token()method from 250ms to 4ms.Other information