Redis Storage with External IdP

If I use OAuth with an external IdP doing the authentication, what will Tyk store in Redis? Would it cache the keys used to validate JWT access tokens? Open Telemetry data? Rate limiting data?

I have seen the little bit of documentation about Redis and how it should be made durable (protected) when API keys and OAuth client information is handled directly by Tyk, just trying to understand what kind of data goes in there if Tyk is not handling the authentication portion of OAuth.

Hi @elmaestro,

Thank you for your question.

Yes, even with external authentication, Tyk still relies on Redis for critical functions and performance optimization. Please see a bit about this below:

  1. Rate Limiting & Quotas – Redis tracks request rates, quota limits, and usage statistic

  2. Session Storage – Aside from rate and quota info, these session objects also include metadata which could be useful for analytics or used by other middleware

  3. Token Cache - Validated JWT access tokens are cached in Redis for performance optimization

  4. Key Expiry Management - Key expiration is also maintained in Redis, ensuring proper access control

  5. Analytics Buffer – Temporary storage for analytics data before processing (with Pump)

Please let us know if you require further clarification