If I use OAuth with an external IdP doing the authentication, what will Tyk store in Redis? Would it cache the keys used to validate JWT access tokens? Open Telemetry data? Rate limiting data?
I have seen the little bit of documentation about Redis and how it should be made durable (protected) when API keys and OAuth client information is handled directly by Tyk, just trying to understand what kind of data goes in there if Tyk is not handling the authentication portion of OAuth.
Yes, even with external authentication, Tyk still relies on Redis for critical functions and performance optimization. Please see a bit about this below:
Session Storage – Aside from rate and quota info, these session objects also include metadata which could be useful for analytics or used by other middleware
Token Cache - Validated JWT access tokens are cached in Redis for performance optimization
Key Expiry Management - Key expiration is also maintained in Redis, ensuring proper access control
Analytics Buffer – Temporary storage for analytics data before processing (with Pump)
Please let us know if you require further clarification