How to 'disperse' the jwt token refreshes

[abregar]

I have a specific use case with setup of ory/hydra. There are large amount of embedded devices with regular consent flow and autorefreshing the jwt on client's detection of exp. But what happens is they somewhat 'synchronize' in refresh request, producing spikes at the back-end service.

The question is which tier is the most appropriate to address such issue. I think it is lesser responsibility on the client side and some 'randomness' should be managed on the back-end.

So, there are two ideas on my mind:

• starting the multiple instances of hydra, each configured with slight offset in access_token ttl, but here's the questionable influence on inner hydra business logic behavior
• request for official new functionality in hydra, where some 'jitter' in ttl is possible to configure up-front

Thank you in advance for the educated opinion.

[aeneasr]

Hi @abregar - sorry for the late response on this one! We're introducing a new feature which allows you to configure different lifespans per client, this could help with your proposal.

Regarding jitter itself, I don't think that we'll be able to introduce that as there are too many other pieces (max_age for example) depending on predictable behavior.

[abregar]

Answer with good news is never too late, ty.
Can you please point to some issue or commit where the mentioned functionality is described in more detail?
And probably this is targeted for upcoming 2.x hydra release?

[aeneasr]

Sure! :) That would be: #3206
It will be available on 1.x also!