OAuth is almost the last thing left on Redis. It will have to move off for multi-DC.
- Review the OAuth spec and extension and extract data store requirements
- Implement those requirements in WMF production
Name | TTL | Delete on consume | Traffic | Solution |
---|---|---|---|---|
OAuth 1.0 request tokens | 10 mins | yes | low | mainstash |
OAuth 1.0 consumer & callback data | 10 mins | no | low | mainstash |
OAuth 1.0 nonces | 5 mins | no | high | mcrouter |
OAuth 2.0 auth codes | 4 hours | yes | low | mainstash |
OAuth 2.0 refresh tokens | 365 days | yes | low | mainstash |