Feature/identity key management #347

Merged: 11 commits, Oct 1, 2021

@DmyMi DmyMi commented Sep 24, 2021

A possible fix for `Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed` and constant 401 status codes caused by using developer credentials (that are stored as a local file per instance and are randomly generated each time an instance cold starts) in our staging ephemeral distributed environment.

  • 👍 Simplified solution that does not require third-party services, i.e. Vault or any other KMS
  • 👍 Simple interface that can be backed by the aforementioned Vault later if needed.
  • 👍 Simple key expiration handling
  • 👍 Concurrency-friendly creation & update - tested with 100 concurrent requests and 20 seconds certificate expiration to simulate key rotation.
  • 👍 Should work in a distributed environment (need to test)

Cons:
  • 👎 Having more than 1 certificate at a given time is not implemented. So we have "hard" key rotation (if the key is rotated, i.e. once a week, all tokens become invalid and users need to re-login).
  • 👍 Cheaper than Identity Server paid solution :)

TODO: tests
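
The failure mode and the approach described above, as an added C# example that is not code from this pull request: per-instance random keys fail cross-instance verification, while a shared store with get-or-create under a lock and a single expiring key gives every instance the same key until rotation. `SharedKeyStore`, `GetOrCreate` and `Demo` are hypothetical names, the in-process lock stands in for the shared storage's atomic update, and .NET Core 3.0 or later is assumed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for storage shared by every instance (e.g. one database row);
// the lock models whatever atomic create-or-update that storage provides.
public sealed class SharedKeyStore
{
    private readonly object _gate = new object();
    private readonly TimeSpan _lifetime;
    private byte[] _key;                 // RSA private key, PKCS#1 DER
    private DateTimeOffset _expiresAt;
    public SharedKeyStore(TimeSpan lifetime) { _lifetime = lifetime; }
    // Returns the current key; creates or rotates it exactly once under contention.
    public byte[] GetOrCreate(DateTimeOffset now)
    {
        lock (_gate)
        {
            if (_key == null || now >= _expiresAt) { _key = Demo.NewKey(); _expiresAt = now + _lifetime; }
            return _key;
        }
    }
}

public static class Demo
{
    public static byte[] NewKey() { using (var rsa = RSA.Create(2048)) return rsa.ExportRSAPrivateKey(); }
    static RSA Load(byte[] key) { var rsa = RSA.Create(); rsa.ImportRSAPrivateKey(key, out _); return rsa; }
    static byte[] Sign(byte[] key, byte[] data)
    { using (var rsa = Load(key)) return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); }
    static bool Verify(byte[] key, byte[] data, byte[] sig)
    { using (var rsa = Load(key)) return rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); }
    public static void Main()
    {
        var token = Encoding.UTF8.GetBytes("constructed-token-payload");   // constructed sample
        var t0 = DateTimeOffset.UtcNow;
        // Before: instance A signs with its own random key, instance B checks with another.
        Console.WriteLine("per-instance keys verify: " + Verify(NewKey(), token, Sign(NewKey(), token)));
        // After: 100 concurrent callers of the shared store must all receive one key.
        var store = new SharedKeyStore(TimeSpan.FromSeconds(20));
        var distinct = Enumerable.Range(0, 100).AsParallel()
            .Select(i => Convert.ToBase64String(store.GetOrCreate(t0))).Distinct().Count();
        var sig = Sign(store.GetOrCreate(t0), token);
        Console.WriteLine("distinct keys: " + distinct + ", shared key verifies: " + Verify(store.GetOrCreate(t0), token, sig));
        // "Hard" rotation: after the single key expires, tokens signed earlier stop verifying.
        Console.WriteLine("after expiry verifies: " + Verify(store.GetOrCreate(t0.AddSeconds(21)), token, sig));
    }
}
```

The last line of output corresponds to the listed con: with only one certificate at a time, every token issued before a rotation is rejected afterwards.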

@DmyMi DmyMi force-pushed the feature/identity_key_management branch from 4894a9b to 73deec1 Compare October 1, 2021 16:40
@DmyMi DmyMi merged commit 49b086d into develop Oct 1, 2021
@DmyMi DmyMi deleted the feature/identity_key_management branch October 1, 2021 16:42
sonarqubecloud bot commented Oct 1, 2021

SonarCloud Quality Gate failed.

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 9 (rating A)
  • Coverage: 0.0%
  • Duplication: 0.0%
