Token Storage

[MrF3lix]

As a user I want to be able to save tokens as secrets to access other APIs that require an access token.

Important:

• Research how to safely store tokens.

Acceptance Criteria

• The editor should allow to save tokens. Tokens should never be visible to the user.
• The api should be able to save, update, delete tokens.
• The executor should be able to replace variables in nodes with tokens.

Related

The following issues have been created as sub-issues:

• [x] #98
• [ ] #99
• [ ] #100

[MrF3lix]

The following issues have been created as sub-issues:

• 98

• 99

• 100

[DuplosFidibuss]

So far, I have figured some possibilities to safely store user secrets in the API as follows:

• https://www.partech.nl/en/publications/2020/11/data-encryption-and-decryption-in-asp-dot-net-core
• https://stackoverflow.com/questions/54663388/data-encryption-in-data-layer-with-asp-net-core-entity-framework

The solution suggested by partech.nl makes use of IDataProtectionProvider (https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotectionprovider?view=aspnetcore-6.0) and IDataProtector (https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotector?view=aspnetcore-6.0) and seems to be a useful approach. The solutions described on the stackoverflow post include using the Identity Protected attribute, which would lead to extending our current identity implementation to allow for storing user tokens as protected values.