Currently, each call to the jwt_authorization_middleware instantiates a new JwtTokenValidator, so we cannot persist the PyJWKClient objects used, which means that the provided caching utility for that class is not leveraged.
Thus, we make an unnecessary extra request to https://login.botframework.com/v1/.well-known/keys or https://login.microsoftonline.com/{self.configuration.TENANT_ID}/discovery/v2.0/keys on every validation of the incoming JWT when we could just use a cached value.
Currently, each call to the
jwt_authorization_middlewareinstantiates a newJwtTokenValidator, so we cannot persist thePyJWKClientobjects used, which means that the provided caching utility for that class is not leveraged.Thus, we make an unnecessary extra request to
https://login.botframework.com/v1/.well-known/keysorhttps://login.microsoftonline.com/{self.configuration.TENANT_ID}/discovery/v2.0/keyson every validation of the incoming JWT when we could just use a cached value.