Setting to disable jwt token caching

We’re using jitsi for our services with JWT tokens based on public/private keys.
We are artificially handling expiration of those keys on ASAP server and also handle renewal of new public/private key pairs if needed and if allowed by our licence. All keys for one customer have the same kid.

In this setup we found a problem with jitsi, resp. the jitsi prosody plugin that handles verification of JWT tokens. Once it downloads a public key from the ASAP server, it stores the key in a cache and next time it looks in that cache. The cache size can be set (jwt_pubkey_cache_size, default 128), but cannot be set to zero, i.e. it is not possible to disable it.

So the problem is, when we rotate public/private keys, there is a chance that prosody has the old key in cache and thus won’t authenticate users. We can set the cache to 1 entry, which will limit this case dramatically, but not completely - when we renew a key pair on meeting request there is a high chance that the key stored in cache is actually for the kid that has its key rotated.

Can we have some setting to disable caching of jwt public keys?
Currently we are internally patching the prosody plugin to disable this behaviour, but maybe someone else would want this.

Doesn’t this work for you https://github.com/jitsi/jitsi-meet/blob/master/resources/prosody-plugins/token/util.lib.lua#L21 ?
Why can't you set it to zero? Maybe create a PR where setting to anything < 1 will disable the cache.

I tried setting it to 0, of course, with the same assumption that it might disable the cache, but then prosody raises an exception that the cache size cannot be zero or less and the module fails to load.
The value check is done in the cache module in my opinion, and that is prosody stuff I don’t know anything about, hence the feature request, because I don’t know where to make this kind of change and it’s beyond my ability to do simple things :wink:
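
The behaviour discussed in this thread, as an added example that is not part of any post and is not the Jitsi plugin's or Prosody's own code: a bounded cache that rejects size 0, next to a pass-through object used when the configured size is below 1, with a key rotated under an unchanged kid. The cache, the key server, the kid `customer-a` and the key strings are constructed stand-ins, and treating a size below 1 as "disabled" is an assumption taken from the PR idea above.

```lua
-- Constructed stand-in for a bounded key cache (FIFO eviction for brevity).
-- Like the cache module described in the thread, it refuses size <= 0.
local function new_cache(size)
  assert(size > 0, "cache size must be greater than zero")
  local items, order = {}, {}
  return {
    get = function(_, k) return items[k] end,
    set = function(_, k, v)
      if items[k] == nil then
        if #order >= size then items[table.remove(order, 1)] = nil end
        order[#order + 1] = k
      end
      items[k] = v
    end,
  }
end

-- Same interface, but nothing is ever stored: every lookup is a miss.
local noop_cache = {
  get = function() return nil end,
  set = function() end,
}

-- Hypothetical option handling: any size below 1 disables caching
-- instead of failing at module load.
local function make_key_cache(size)
  if size < 1 then return noop_cache end
  return new_cache(size)
end

-- Constructed key server: one kid whose key material gets rotated.
local server = { ["customer-a"] = "PUBKEY-v1" }
local function fetch_key(kid) return server[kid] end

-- Cache-first lookup, as the plugin is described to do in the thread.
local function get_public_key(cache, kid)
  local key = cache:get(kid)
  if key == nil then
    key = fetch_key(kid)
    cache:set(kid, key)
  end
  return key
end

-- Warm the cache, rotate the key under the same kid, then look it up again.
local function key_after_rotation(size)
  server["customer-a"] = "PUBKEY-v1"
  local cache = make_key_cache(size)
  get_public_key(cache, "customer-a")
  server["customer-a"] = "PUBKEY-v2"
  return get_public_key(cache, "customer-a")
end

print("cache size 1:", key_after_rotation(1))
print("cache size 0:", key_after_rotation(0))
```

With caching disabled, every token verification depends on a round trip to the key server, so its latency and availability become part of the authentication path.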