I see that OpenFGA has the ability to cache results for some defined period of time. I am wondering if Okta FGA has a similar concept? If so, what is the default and can that be modified?
Okta FGA has a two level cache, that it’s currently set to 10 seconds each. Worst case, it can be ~20 seconds. It can’t be configured.
We are working on adding an option to query APIs to let you skip the cache if you want, at the expense of latency.
Can you elaborate on your use case and how you’d want it to work?
Thanks
Okay thanks, that helps. I am thinking more about DR or HA. Is the caching separate from whatever is doing the actual policy evaluation? If the policy evaluation engine is down, is caching still up?
Is there also any thought of being able to run a local cached copy of the tuple database and its policies locally if the Okta FGA API was down? Or possibly being able to have my tuple database accessible in multiple tenants or regions?
Okta FGA is deployed in a HA environment. Each Jurisdiction (US / EU / AU) is deployed to two AWS regions, backed by DynamoDB in Active-Active mode. We route your calls to the closest service in a Jurisdiction (in the US, it’s us-east-1/us-west-2).
If the unlikely scenario that DynamoDB is down (it has 99.999 availability) we’ll route the call to the other region.
You can keep a local OpenFGA environment that subscribes to changes using the /changes endpoint if you want, but you’d need to be able to scale it up well if you want to serve all traffic from it.
Awesome, thank you. This helps a lot!