Skip to content

fix: Lock while generating the Security Key#73

Draft
febinkdominic wants to merge 3 commits into
NetDevPack:masterfrom
febinkdominic:fix/lock-while-generating-code
Draft

fix: Lock while generating the Security Key#73
febinkdominic wants to merge 3 commits into
NetDevPack:masterfrom
febinkdominic:fix/lock-while-generating-code

Conversation

@febinkdominic

@febinkdominic febinkdominic commented Jun 30, 2026

Copy link
Copy Markdown

Fixes duplicate key generation when a scoped JwtService rotates keys concurrently across requests #65

  • Added a process-wide SemaphoreSlim RotationLock in JwtService so concurrent requests rotate the current key once, not once per request.
  • GetCurrentSecurityKey now double-checks under the lock with a cache bypass (GetCurrent(..., bypassCache: true)) before revoking + generating.
  • Rotation/generation paths (GenerateNewKey, ValidateCurrentKey) now read current with bypassCache: true so they never decide off a stale cached key.

Fixes duplicate key generation when a scoped JwtService rotates keys concurrently across replicas

  • When run on multiple pods (Kubernetes), the pods independently generate new keys and cache the last two keys. On a cluster with 3 replicas with AlgorithmsToKeep = 2, all three generate new keys and cache different pairs of keys.

  • KeyMaterial gains a Version (long); each rotation is previous.Version + 1 (seeded at 1 for cold start / pre-column rows that default to 0).

  • Use the previous valid key's version, and increment it, and use that to generate the GUID of the new key - Every instance generates the same GUID and tries to insert, the database fails one of the inserts acting as the coordinator.

  • IJsonWebKeyStore.Store now returns Task<KeyMaterial> . The persisted key is returned to the caller and can sign with the new key.

  • Added a bool bypassCache = false parameter to GetCurrent across the interface and all implementations.

  • EF Core store: computes a deterministic Id from SHA256(use:kty:version) so concurrent inserts collide on the primary key. On collision/transient fault it detaches its own entity, re-reads the winner, and returns it (throws only if no winner exists).

  • InMemoryStore, DataProtectionStore, FileSystemStore updated to the new signatures.

⚠️ Breaking changes

  • EFCore Users: KeyMaterial.Version adds a new column to the SecurityKeys table. An un-migrated database will throw at runtime since the code reads/writes Version. Deployments must apply a migration before upgrading.
  • Custom Store Implementations: IJsonWebKeyStore is public. Any custom store breaks at compile time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant