1 files changed, 24 insertions, 4 deletions

diff --git a/apifw/token.py b/apifw/token.py
index d1e503c..a9a12ac 100644
--- a/apifw/token.py
+++ b/apifw/token.py
@@ -20,6 +20,29 @@ import jwt
 JWT_SIGNING_ALGORITHM = 'RS512'
 
 
+class TokenCache:
+
+    def __init__(self):
+        self._cache = {}
+
+    def parse(self, token, key, audience):
+        if token not in self._cache:
+            if len(self._cache) > 1024:  # pragma: no cover
+                self._cache = {}
+            decoded = self._decode(token, key, audience)
+            self._cache[token] = decoded
+        return self._cache[token]
+
+    def _decode(self, token, key, audience):
+        return jwt.decode(
+            token,
+            key=key.exportKey('OpenSSH'),
+            audience=None, options={'verify_aud': False})
+
+
+_cache = TokenCache()
+
+
 def create_token(claims, signing_key):
     return jwt.encode(
         claims,
@@ -28,7 +51,4 @@ def create_token(claims, signing_key):
 
 
 def decode_token(token, key, audience):
-    return jwt.decode(
-        token,
-        key=key.exportKey('OpenSSH'),
-        audience=None, options={'verify_aud': False})
+    return _cache.parse(token, key, audience)