Spring Security Cannot configure cache lifespan of RemoteJWKSet

Summary

Module: spring-security-oauth2-jose There is no way to configure the RemoteJWKSet cache lifespan even it actually allows a DefaultJWKSetCache to be passed in because JwkSetUriJwtDecoderBuilder class is final.

Actual Behavior

Currently, the way to build a JwtDecoder from a JWK set URI is:

NimbusJwtDecoder.withJwkSetUri(uri)
                .jwsAlgorithms(algo)
                .restOperations(restTemplate)
                .build()

So, it means it is only flexible to the algorithm and the HTTP client and that's all.

Expected Behavior

I would like to know if it can be open by any chance so that I can inherit it and override the processor() method for customization

Version

5.2.2.RELEASE

Comment From: jzheaux

I believe this will be covered in #8332