Skip to content

feat: add resilience layer for Authlete API calls (rate limit best practices)#87

Merged
meysam merged 5 commits into
masterfrom
feat/authlete-rate-limit-resilience
Jul 9, 2026
Merged

feat: add resilience layer for Authlete API calls (rate limit best practices)#87
meysam merged 5 commits into
masterfrom
feat/authlete-rate-limit-resilience

Conversation

@meysam

@meysam meysam commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Implements caching, conditional retry with exponential backoff and jitter, and per-endpoint circuit breakers with stale-cache fallback, as described in the Rate Limit Best Practices guide.

All endpoints obtain the AuthleteApi client through a dynamic proxy wrapper; behavior is tunable via resilience.properties and can be disabled entirely with resilience.enabled=false.

…actices)

Implements caching, conditional retry with exponential backoff and jitter, and per-endpoint circuit breakers with stale-cache fallback, as described in the Rate Limit Best Practices guide.

All endpoints obtain the AuthleteApi client through a dynamic proxy wrapper; behavior is tunable via resilience.properties and can be disabled entirely with resilience.enabled=false.
@meysam
meysam marked this pull request as draft June 11, 2026 13:49
Comment thread src/main/java/com/authlete/jaxrs/server/resilience/AuthleteRetryPolicy.java Outdated
Comment thread src/main/java/com/authlete/jaxrs/server/resilience/AuthleteCacheableMethods.java Outdated
Meysam Tamkin added 2 commits June 15, 2026 20:26
Remove redundant RateLimit-Reset header variant and drop DPoP/message-signature-only
params from the introspection cache key.
@meysam
meysam marked this pull request as ready for review July 6, 2026 13:54
Meysam Tamkin added 2 commits July 7, 2026 18:37
Best-effort local eviction: a successful revocation drops all
cached introspection entries for that token via prefix match. Other
instances remain bounded by the short TTL. Includes e2e tests through
the resilient proxy.
…limit-resilience

Co-authored-by: Cursor <cursoragent@cursor.com>

# Conflicts:
#	pom.xml
#	src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/FederationConfigurationEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/FederationRegistrationEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/GrantManagementEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/JwksEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/PushedAuthReqEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/RevocationEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/UserInfoEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCallbackEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/device/DeviceAuthorizationEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteEndpoint.java
#	src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferEndpoint.java
@meysam
meysam merged commit 52fa402 into master Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants