
n44p7 (n44p7) asked a question.
Hi Team,
In one of the use cases we were brainstorming, we have microservice endpoints that are being called from backend routines running on other servers. Based on the program logic there may be 100s of API calls within 10-20 minutes.
The APIs are protected by OKTA authentication, the access tokens are cached and being used as bearer tokens for the entire execution of the program (max 30 mins). The tokens are validated via PKCE flow (via spring boot starter).
If we understood correctly, the spring-boot-starter based integration invokes OKTA endpoints to validate (introspect) the tokens, and each time, a network call happens. Do we have any sort of caching supported at the spring level, so that when frequent requests with same bearer token is attempted, the same can be resolved without invoking external URLs for a configurable number of seconds or minutes?

Hello @n44p7 (n44p7),
In this scenario, we may need to know more details about your setup to give you the correct answer. Our documentation only mentions one method of integrating Spring-boot and we may need to check the Application configuration too.
Since this is a custom API Integration I suggest you post this question on our Okta Developer Forums: https://devforum.okta.com, this is a place for the Okta developer community to interact.
Please let us know if this was useful and allow you to solve your problem.
Have a great day ahead.
Regards,
Natalia
Okta Inc.
Thanks @User16254393570754125507 (Okta) , I think, below blog details some aspects of what I was looking for. Sorry, I am not entitled to provide any more specifics of the approach being discussed, as it is internal.
https://developer.okta.com/blog/2020/08/07/spring-boot-remote-vs-local-tokens
Raised the same under dev forum:
https://devforum.okta.com/t/optimization-of-okta-introspect-via-okta-spring-boot-starter/18522