Summary

As a developer, I would like to have the possibility to configure the JWK set cache, setting the cache TTL I want. In our case we want it to be longer than the default of 5 minutes.

Actual Behavior

The cache duration described is hardcoded somewhere inside NimbusJwtDecoder, where the JWKSource is created as: JWKSource<SecurityContext> jwkSource = new RemoteJWKSet(toURL(this.jwkSetUri), jwkSetRetriever);

Expected Behavior

The cache duration described should be configurable (the RemoteJWKSet class has a third constructor parameter, JWKSetCache, that should be used).

Version

I'm using the latest released one, the problem is permanent.

Sample

Currently I'm creating the decoder as: var decoder = JwtDecoders.fromIssuerLocation(issuer); I'm not sure about the best way to make it configurable. I can actually override it myself by rewriting a lot of code from NimbusJwtDecoder, but I think I'm not the only one who needs it, and it would be nice to have such a possibility from your side. There is a question on Stack Overflow as well: https://stackoverflow.com/questions/60409678/how-to-increase-remotejwkset-cache-ttl-in-spring-security-5-2
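One way to wire a decoder around the third RemoteJWKSet constructor parameter mentioned above, as an added example that is not part of the original report and not Spring Security's own code. The class name, the RS256 algorithm, the timeout and TTL values, passing the JWK set URI directly instead of discovering it from the issuer, and a Nimbus JOSE+JWT version whose DefaultJWKSetCache takes (lifespan, refreshTime, TimeUnit) are all assumptions.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.concurrent.TimeUnit;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.DefaultJWKSetCache;
import com.nimbusds.jose.jwk.source.JWKSetCache;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Hypothetical helper class; not part of Spring Security.
public final class CachedJwkDecoderFactory {

    public static NimbusJwtDecoder create(String issuer, String jwkSetUri)
            throws MalformedURLException {
        // Bound the fetch: 2 s connect, 2 s read, 50 KiB maximum response size.
        DefaultResourceRetriever retriever =
                new DefaultResourceRetriever(2000, 2000, 50 * 1024);

        // Assumed constructor (lifespan, refreshTime, unit): the cached set
        // expires after 60 minutes and is due for refresh after 30 minutes.
        JWKSetCache cache = new DefaultJWKSetCache(60, 30, TimeUnit.MINUTES);

        // Third constructor parameter: the cache the report asks to configure.
        JWKSource<SecurityContext> jwkSource =
                new RemoteJWKSet<>(new URL(jwkSetUri), retriever, cache);

        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // Pin the accepted signature algorithm instead of trusting the token header.
        processor.setJWSKeySelector(
                new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource));
        // Claim checks are left to the Spring validator configured below.
        processor.setJWTClaimsSetVerifier((claims, context) -> { });

        NimbusJwtDecoder decoder = new NimbusJwtDecoder(processor);
        // Keep the timestamp and issuer validation that
        // JwtDecoders.fromIssuerLocation(issuer) would have configured.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer));
        return decoder;
    }
}
```

A longer lifespan means a key the issuer has withdrawn stays trusted until the cached set expires, so the TTL should be chosen with the issuer's rotation and revocation practice in mind. RemoteJWKSet still re-fetches the set when a token names a key ID that is not in the cache, so newly added keys are picked up before the TTL runs out.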

Comment From: 20fps

Oh, and as I can see there is a request for these changes: https://github.com/spring-projects/spring-security/pull/7639/files What about its status?

Comment From: rwinch

I'm going to close this as a duplicate. Let's move the discussion to gh-7639