JWKS : add key distribution support #1470

Open
yuriyz opened this issue Sep 17, 2020 · 2 comments
yuriyz commented Sep 17, 2020

Describe the issue

Parameters:
key_rotation_interval = 2h
jwks_sync_time = 60*20 + 10 #20 minutes plus small epsilon to allow for jitter

1) Create initial keys with expiration = key_rotation_interval + token_lifetime
2) Wait for key_rotation_interval - jwks_sync_time
3) create kid2 with expiration = key_rotation_interval + token_lifetime + jwks_sync_time # the extra time is needed as the key is created early
4) publish new jwks which contains original kid1 and new kid2
5) wait jwks_sync_time
6) push private jks to pods so they can use them
7) when kid1 expires remove it from jwks

Support: 8847

@yuriyz yuriyz added the enhancement libs update, re-factroring, etc. label Sep 17, 2020
@yuriyz yuriyz added this to the 5.0 milestone Sep 17, 2020
@yuriyz yuriyz self-assigned this Sep 17, 2020
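The timing in steps 1 to 7 of the issue, worked through as an added example (not part of the original issue and not oxAuth code): it builds the key timeline, lists which kids are in the JWKS at a given moment, and checks that a key is published for a full jwks_sync_time before it signs and stays published until the last token it signed has expired. The names `Key`, `rotation_schedule`, `jwks_at`, `violations` and `pad_expiry` are hypothetical, the 300-second token lifetime is a constructed value, and repeating the cycle for kid3 goes beyond the two keys the issue describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    kid: str
    published: int   # public key enters the JWKS (steps 1 and 4), seconds from t=0
    activated: int   # private key reaches the pods and starts signing (step 6)
    expires: int     # key is dropped from the JWKS (step 7)

def rotation_schedule(rotation, sync, token_lifetime, generations=3, pad_expiry=True):
    """Timeline for the steps in the issue, repeated for later keys (assumption)."""
    keys = [Key("kid1", 0, 0, rotation + token_lifetime)]          # step 1
    for n in range(1, generations):
        created = n * rotation - sync                              # step 2
        # Step 3: the key is created early, so its expiration is padded by sync.
        lifetime = rotation + token_lifetime + (sync if pad_expiry else 0)
        keys.append(Key(f"kid{n + 1}", created, created + sync, created + lifetime))
    return keys

def jwks_at(keys, t):
    """kids a verifier would find in the published JWKS at time t."""
    return [k.kid for k in keys if k.published <= t < k.expires]

def violations(keys, sync, token_lifetime):
    """Check the two properties the timing is meant to guarantee."""
    found = []
    for i, key in enumerate(keys):
        # A rotated-in key must sit in the JWKS for a full sync period before use.
        if i > 0 and key.activated - key.published < sync:
            found.append(f"{key.kid}: signs before verifiers have refreshed")
        # A key must outlive the last token it signed (signing stops when the
        # next key is activated).
        if i + 1 < len(keys) and key.expires < keys[i + 1].activated + token_lifetime:
            found.append(f"{key.kid}: removed while its tokens are still valid")
    return found

ROTATION = 2 * 60 * 60      # key_rotation_interval = 2h
SYNC = 60 * 20 + 10         # jwks_sync_time from the issue
TOKEN_LIFETIME = 300        # constructed value; the issue does not give one

if __name__ == "__main__":
    keys = rotation_schedule(ROTATION, SYNC, TOKEN_LIFETIME)
    for k in keys:
        print(k)
    print("JWKS at the switch to kid2:", jwks_at(keys, ROTATION))
    print("violations:", violations(keys, SYNC, TOKEN_LIFETIME))
```

Calling `rotation_schedule` with `pad_expiry=False` drops the extra jwks_sync_time from step 3, and `violations` then reports that kid2 leaves the JWKS before the tokens it signed have expired.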

yuriyz commented Oct 29, 2020

This ticket is scheduled for the future 5.0 release for oxauth (jans-auth); however, we need it earlier for cluster. cc @iromli @mbaser

@devrimyatar

@yuriyz As long as I know there won't be CM-5.0

@shmorri shmorri added this to To do in 4.3.0 Feb 11, 2021
@nynymike nynymike modified the milestones: 5.0, 4.3.0 Feb 11, 2021
@yuriyz yuriyz moved this from To do to Can be moved to 4.3.1 in 4.3.0 Mar 5, 2021
@yuriyz yuriyz modified the milestones: 4.3.0, 4.4.0 Mar 5, 2021
@yuriyz yuriyz removed this from Can be moved to 4.3.1 in 4.3.0 Mar 5, 2021
@shmorri shmorri modified the milestones: 4.4.0, 4.5 Apr 12, 2022
@yuriyz yuriyz modified the milestones: 4.5, 4.6 Oct 10, 2022