-
-
Notifications
You must be signed in to change notification settings - Fork 0
Instrumentation
TokenAuthority emits ActiveSupport::Notifications instrumentation events for performance monitoring. These events provide timing data that APM tools (New Relic, Datadog, Skylight) automatically capture.
Instrumentation is enabled by default. Configure it in your initializer:
TokenAuthority.configure do |config|
# Enable/disable instrumentation (default: true)
config.instrumentation_enabled = true
endWhen enabled, TokenAuthority automatically logs instrumentation events to Rails.logger at info level.
All events are namespaced with token_authority. prefix and include timing information.
| Event | Payload | Description |
|---|---|---|
token_authority.jwt.encode |
token_size |
JWT token encoding |
token_authority.jwt.decode |
token_size |
JWT token decoding |
| Event | Payload | Description |
|---|---|---|
token_authority.session.create |
(none) | New session created (token issuance) |
token_authority.session.refresh |
(none) | Session refreshed via refresh token |
token_authority.session.revoke |
(none) | Session revoked |
| Event | Payload | Description |
|---|---|---|
token_authority.grant.redeem |
(none) | Authorization grant redeemed for tokens |
| Event | Payload | Description |
|---|---|---|
token_authority.client.resolve |
client_type |
Client ID resolved ("registered" or "url_based") |
token_authority.client_metadata.fetch |
uri, cache_hit
|
Client metadata document fetched |
token_authority.jwks.fetch |
uri, cache_hit
|
JWKS fetched for client authentication |
A complete token exchange emits:
token_authority.client.resolve (0.5ms) client_type="registered"
token_authority.grant.redeem (1.2ms)
token_authority.session.create (15ms)
├── token_authority.jwt.encode (0.4ms) token_size=312
└── token_authority.jwt.encode (0.4ms) token_size=198
A token refresh emits:
token_authority.client.resolve (0.5ms) client_type="registered"
token_authority.jwt.decode (0.3ms) token_size=256
token_authority.session.refresh (15ms)
└── token_authority.session.create (12ms)
├── token_authority.jwt.encode (0.4ms) token_size=312
└── token_authority.jwt.encode (0.4ms) token_size=198
A token revocation emits:
token_authority.client.resolve (0.5ms) client_type="registered"
token_authority.jwt.decode (0.3ms) token_size=256
token_authority.session.revoke (5ms)
You can add your own subscribers for custom metrics collection:
# config/initializers/token_authority_instrumentation.rb
ActiveSupport::Notifications.subscribe(/^token_authority\./) do |name, start, finish, id, payload|
duration_ms = (finish - start) * 1000
# Send to your metrics system
StatsD.timing(name.tr(".", "_"), duration_ms)
# Add custom tags based on payload
if payload[:client_type]
StatsD.increment("token_authority.client_resolution", tags: ["type:#{payload[:client_type]}"])
end
endActiveSupport::Notifications.subscribe(/^token_authority\./) do |name, start, finish, id, payload|
Datadog::Statsd.new.distribution(
name,
(finish - start) * 1000,
tags: payload.map { |k, v| "#{k}:#{v}" }
)
end# Define metrics
TOKEN_AUTHORITY_DURATION = Prometheus::Client::Histogram.new(
:token_authority_operation_duration_seconds,
docstring: "TokenAuthority operation duration",
labels: [:operation],
buckets: [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1]
)
ActiveSupport::Notifications.subscribe(/^token_authority\./) do |name, start, finish, id, payload|
operation = name.sub("token_authority.", "")
TOKEN_AUTHORITY_DURATION.observe(finish - start, labels: { operation: operation })
endTo completely disable instrumentation:
TokenAuthority.configure do |config|
config.instrumentation_enabled = false
endWhen disabled, the instrument calls become no-ops with minimal overhead.
TokenAuthority provides two complementary observability systems:
| Feature | Instrumentation | Event Logging |
|---|---|---|
| Purpose | Performance metrics | Audit trail / debugging |
| Data | Timing + minimal payload | Rich contextual payload |
| System | ActiveSupport::Notifications |
Rails.event |
| Events | Low-level operations | Business-level events |
| Example |
jwt.encode (0.4ms) |
token.exchange.completed with user/client details |
Use instrumentation for performance monitoring and alerting. Use event logging for auditing, debugging, and understanding OAuth flow behavior.
Getting Started
- Installation Guide
- MCP Quickstart
- Configuration Reference
- User Authentication
- Protecting API Endpoints
- Customizing Views
- Event Logging
- Instrumentation
Process Flows
- Authorization Code Grant
- Authorization Code Redemption
- Token Refresh
- Token Revocation
- Authorization Server Metadata
- Protected Resource Metadata
- Dynamic Client Registration
- Client Metadata Documents
Development