RemoteJWKSet use synchronized for synchronization. But this will suspend the carrier thread. In some specific situations, it may cause the server to hang:
single carrier thread.(Single core CPU). And call itself to retrieve jwk.
RemoteJWKSet is deprecated. Should we replace it with JwkSourceBuilder?
SpringBoot: 3.3.1 Java: Temurin-21.0.4+7
Comment From: rwinch
Thank you for the report. Would you be interested in submitting a pull request to replace RemoteJWKSet?
Comment From: franticticktick
Hi @rwinch, in this issue we need to replace the old jose api with a new one. This is not a very simple issue, for example JWKSetCache is now deprecated, and it is needed for JwkSourceBuilder. I can think about how to solve this issue.
Comment From: rwinch
Closing as duplicate of gh-16251