fix: Lock while generating the Security Key#73
Draft
febinkdominic wants to merge 3 commits into
Fixes duplicate key generation when a scoped JwtService rotates keys concurrently across requests #65
Fixes duplicate key generation when a scoped JwtService rotates keys concurrently across replicas
When run on multiple pods (Kubernetes), the pods independently generate new keys and cache the last two keys. On a cluster with 3 replicas with `AlgorithmsToKeep = 2`, all three generate new keys and cache different pairs of keys.

`KeyMaterial` gains a `Version` (long); each rotation is `previous.Version + 1` (seeded at 1 for cold start / pre-column rows that default to 0). Use the previous valid key's version, increment it, and use that to generate the GUID of the new key. Every instance generates the same GUID and tries to insert; the database fails one of the inserts, acting as the coordinator.

- `IJsonWebKeyStore.Store` now returns `Task<KeyMaterial>`. The persisted key is returned to the caller, so the caller can sign with the new key.
- Added a `bool bypassCache = false` parameter to `GetCurrent` across the interface and all implementations.
- EF Core store: computes a deterministic Id from `SHA256(use:kty:version)` so concurrent inserts collide on the primary key. On collision/transient fault it detaches its own entity, re-reads the winner, and returns it (throws only if no winner exists).
- `InMemoryStore`, `DataProtectionStore`, `FileSystemStore` updated to the new signatures.
- `KeyMaterial.Version` adds a new column to the `SecurityKeys` table. An un-migrated database will throw at runtime since the code reads/writes `Version`. Deployments must apply a migration before upgrading.
- `IJsonWebKeyStore` is public. Any custom store breaks at compile time.
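The coordination scheme described above (version = previous + 1, key Id derived from SHA-256 of `use:kty:version`, primary-key collision picks the winner, losers re-read the winner) as an added, self-contained example. This is not the project's code: it uses an in-memory SQLite table as a stand-in for the EF Core `SecurityKeys` store, symmetric `oct` keys instead of RSA/EC material, and derives the GUID from the first 16 bytes of the SHA-256 digest (an assumption; the PR only says the Id is computed from that hash). Concurrency is simulated by letting every "replica" read its snapshot of the current key before any of them inserts, which is exactly the race the PR fixes. The `bypassCache` flag and the two-key cache are omitted.

```python
import hashlib
import secrets
import sqlite3
import uuid
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class KeyMaterial:
    id: str        # deterministic GUID derived from use:kty:version
    use: str       # e.g. "sig"
    kty: str       # "oct" (symmetric) in this example; the real store uses RSA/EC too
    version: int   # rotation counter, previous.Version + 1, seeded at 1
    secret: bytes  # the key bytes; each generator draws its own random bytes


def open_store() -> sqlite3.Connection:
    """Shared table standing in for SecurityKeys; the PRIMARY KEY is the coordinator."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE SecurityKeys ("
        "Id TEXT PRIMARY KEY, Use TEXT, Kty TEXT, Version INTEGER, Secret BLOB)"
    )
    return conn


def deterministic_id(use: str, kty: str, version: int) -> str:
    # Assumption: GUID = first 16 bytes of SHA256("use:kty:version").
    digest = hashlib.sha256(f"{use}:{kty}:{version}".encode()).digest()
    return str(uuid.UUID(bytes=digest[:16]))


def get_current(conn: sqlite3.Connection, use: str = "sig", kty: str = "oct") -> Optional[KeyMaterial]:
    row = conn.execute(
        "SELECT Id, Use, Kty, Version, Secret FROM SecurityKeys "
        "WHERE Use = ? AND Kty = ? ORDER BY Version DESC LIMIT 1",
        (use, kty),
    ).fetchone()
    return KeyMaterial(*row) if row else None


def plan_rotation(conn: sqlite3.Connection, use: str = "sig", kty: str = "oct") -> KeyMaterial:
    """Read the current key and derive the next key's version and Id from it."""
    previous = get_current(conn, use, kty)
    # Cold start (no row) and legacy rows with Version 0 both yield version 1.
    version = (previous.version if previous else 0) + 1
    return KeyMaterial(deterministic_id(use, kty, version), use, kty, version, secrets.token_bytes(32))


def store(conn: sqlite3.Connection, key: KeyMaterial) -> KeyMaterial:
    """Insert the key; on primary-key collision return whatever the winner persisted."""
    try:
        with conn:
            conn.execute(
                "INSERT INTO SecurityKeys (Id, Use, Kty, Version, Secret) VALUES (?, ?, ?, ?, ?)",
                (key.id, key.use, key.kty, key.version, key.secret),
            )
        return key
    except sqlite3.IntegrityError:
        row = conn.execute(
            "SELECT Id, Use, Kty, Version, Secret FROM SecurityKeys WHERE Id = ?", (key.id,)
        ).fetchone()
        if row is None:
            raise  # collision but no winner to adopt: surface the fault to the caller
        return KeyMaterial(*row)


def simulate_cluster_rotation(replicas: int = 3, rounds: int = 1) -> Tuple[List[List[KeyMaterial]], int]:
    """Every replica snapshots the current key, then all of them try to insert.

    Returns the key each replica ends up holding per round, plus the number of
    rows actually persisted (one per round if coordination works).
    """
    conn = open_store()
    outcome: List[List[KeyMaterial]] = []
    for _ in range(rounds):
        planned = [plan_rotation(conn) for _ in range(replicas)]  # race: all read before any write
        outcome.append([store(conn, k) for k in planned])
    count = conn.execute("SELECT COUNT(*) FROM SecurityKeys").fetchone()[0]
    return outcome, count


if __name__ == "__main__":
    rounds, persisted = simulate_cluster_rotation(replicas=3, rounds=2)
    for n, held in enumerate(rounds, start=1):
        print(f"round {n}: ids={{ {', '.join(sorted({k.id for k in held}))} }}, versions={[k.version for k in held]}")
    print(f"rows persisted: {persisted}")
```

Without the deterministic Id, each replica's insert would succeed with its own random GUID and the cluster would hold three different signing keys, which is the symptom in the issue. With it, replicas that lose the insert adopt the winner's `Secret`, so every pod signs with the same key and a verifier needs only one entry in the key set.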