Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: symfony/security-http
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v8.0.0-RC1
Choose a base ref
...
head repository: symfony/security-http
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v8.0.0-RC2
Choose a head ref
  • 3 commits
  • 2 files changed
  • 2 contributors

Commits on Nov 14, 2025

  1. [Security] Set OIDC JWKS cache TTL from provider headers

    @Ali-HENDA @nicolas-grekas
    Ali-HENDA authored and nicolas-grekas committed Nov 14, 2025
    Configuration menu
    Copy the full SHA
    46803a0 View commit details
    Browse the repository at this point in the history

  2. bug #62369 [Security] Set OIDC JWKS cache TTL from provider headers (… 

    …Ali-HENDA)

This PR was merged into the 7.4 branch.

Discussion
----------

[Security] Set OIDC JWKS cache TTL from provider headers

| Q             | A
| ------------- | ---
| Branch?       | 7.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix #62340
| License       | MIT

This PR aligns the OIDC JWKS discovery cache with OpenID Connect best practices by making it dynamic and respecting provider cache headers.

**Before**
- The JWKS was cached with a fixed lifetime, ignoring the OIDC provider’s cache policy.

**After**
- The cache TTL is now automatically determined from the provider response:
  - Prefer `Cache-Control: max-age`
  - Fallback to `Expires`
  - When multiple providers are configured, the lowest TTL is applied.

Commits
-------

61acbf15475 [Security] Set OIDC JWKS cache TTL from provider headers
    @nicolas-grekas
    nicolas-grekas committed Nov 14, 2025
    Configuration menu
    Copy the full SHA
    8c595fd View commit details
    Browse the repository at this point in the history

  3. Merge branch '7.4' into 8.0 

    * 7.4:
  [Security] Set OIDC JWKS cache TTL from provider headers
  [DependencyInjection] Call default index method when index is not provided by tag
  [Console] Remove a redundant local variable in the console Application class.
  [Cache] Recognize commit events as writes in `CacheDataCollector`
  [Routing] Align routing.schema.json with YamlFileLoader behavior
  Bump Symfony version to 7.4.0
  Update VERSION for 7.4.0-RC1
  Update CHANGELOG for 7.4.0-RC1
    @nicolas-grekas
    nicolas-grekas committed Nov 14, 2025
    Configuration menu
    Copy the full SHA
    3dfe841 View commit details
    Browse the repository at this point in the history
Loading