1 files changed, 12 insertions, 2 deletions

diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.c b/src/core/lib/security/credentials/jwt/jwt_verifier.c
index 73eb2e3258..c1a3eb7eab 100644
--- a/src/core/lib/security/credentials/jwt/jwt_verifier.c
+++ b/src/core/lib/security/credentials/jwt/jwt_verifier.c
@@ -657,11 +657,16 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
     *(req.host + (req.http.path - jwks_uri)) = '\0';
   }
 
+  /* TODO(ctiller): Carry the buffer_pool in ctx and share it with the host
+     channel. This would allow us to cancel an authentication query when under
+     extreme memory pressure. */
+  grpc_buffer_pool *buffer_pool = grpc_buffer_pool_create();
   grpc_httpcli_get(
-      exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, &req,
+      exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, buffer_pool, &req,
       gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay),
       grpc_closure_create(on_keys_retrieved, ctx),
       &ctx->responses[HTTP_RESPONSE_KEYS]);
+  grpc_buffer_pool_internal_unref(exec_ctx, buffer_pool);
   grpc_json_destroy(json);
   gpr_free(req.host);
   return;
@@ -764,10 +769,15 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx,
     rsp_idx = HTTP_RESPONSE_OPENID;
   }
 
+  /* TODO(ctiller): Carry the buffer_pool in ctx and share it with the host
+     channel. This would allow us to cancel an authentication query when under
+     extreme memory pressure. */
+  grpc_buffer_pool *buffer_pool = grpc_buffer_pool_create();
   grpc_httpcli_get(
-      exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, &req,
+      exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, buffer_pool, &req,
       gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay),
       http_cb, &ctx->responses[rsp_idx]);
+  grpc_buffer_pool_internal_unref(exec_ctx, buffer_pool);
   gpr_free(req.host);
   gpr_free(req.http.path);
   return;