Altinn / altinn-accesstoken

Client and server libraries for simple authorization of API calls
BSD 3-Clause "New" or "Revised" License

Allow the location of the X509Certificate to be configured #95

Open Alxandr opened 6 months ago

Alxandr commented 6 months ago

Description

In SigningCredentialsResolver, the path to the signing certificate is hard-coded to be Directory.GetParent(Directory.GetCurrentDirectory()).FullName + some configured value. This has some weird issues where by default, when running locally, I end up having to place the certificate in C:\Users\ALEHEI\hub\resource-registry-2\srcaccesstoken. Note the ending srcaccesstoken - this is because the path is joined by string concatenation and not using any of the Path methods.

Beyond that, the fact that I cannot specify the path as a global path is also a problem. This means I can't just have 1 of the certificates on my machine, I have to copy it to every repo (and fix/update gitignore).

So there's 2 things I'd like changed here:

Additional Information

No response

SandGrainOne commented 4 months ago

The hard coded value can be overridden by adding a configuration section to appsettings.json or any other configuration source. This should work:

{
    "AccessTokenSettings": {
        "AccessTokenSigningKeysFolder": "/accesstoken/",
        "AccessTokenSigningCertificateFileName": "mycert.pfx"
    }
}

Keeping the issue to consider changing from string concatenation to Path.Combine, and the option to configure base path as well. This would need to be backwards compatible where default behaviour is to use parent of current directory.

Alxandr commented 4 months ago

Except you can't configure it to be outside of your project directory. So I can't have 1 certificate on my machine and just setup an environment variable that all projects will use, because they all hardcode the path to start with the current working directory.

SandGrainOne commented 4 months ago

> Except you can't configure it to be outside of your project directory. So I can't have 1 certificate on my machine and just setup an environment variable that all projects will use, because they all hardcode the path to start with the current working directory.

I acknowledged that briefly in my comment. Updated to make it more obvious.
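The path handling discussed in this thread, as an added example that is not part of the issue or of the altinn-accesstoken code base: it builds the certificate path with Path.Combine, keeps the parent of the current directory as the default, and accepts an optional base path. The names SigningCertificatePath, Resolve and basePath are hypothetical, and the containment check is an added assumption rather than existing library behaviour.

```csharp
#nullable enable
using System;
using System.IO;

// Added example: hypothetical helper, not code from altinn-accesstoken.
public static class SigningCertificatePath
{
    // basePath is a hypothetical new option. keysFolder and fileName stand for the
    // AccessTokenSigningKeysFolder and AccessTokenSigningCertificateFileName settings.
    public static string Resolve(string? basePath, string keysFolder, string fileName)
    {
        // Default stays as described in the thread: parent of the current directory.
        string root = string.IsNullOrWhiteSpace(basePath)
            ? Directory.GetParent(Directory.GetCurrentDirectory())?.FullName
                ?? Directory.GetCurrentDirectory()
            : Path.GetFullPath(basePath);

        // Path.Combine discards earlier segments when a later one is rooted, and a
        // value such as "/accesstoken/" counts as rooted. Strip leading separators
        // so existing configuration keeps resolving under the base path.
        string folder = keysFolder.TrimStart(
            Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);

        string full = Path.GetFullPath(Path.Combine(root, folder, fileName));

        // Added hardening (assumption of this example): the normalized result must
        // stay under the base path, so ".." in either setting cannot redirect the
        // certificate load somewhere unexpected.
        string relative = Path.GetRelativePath(root, full);
        if (relative == ".."
            || relative.StartsWith(".." + Path.DirectorySeparatorChar, StringComparison.Ordinal)
            || Path.IsPathRooted(relative))
        {
            throw new ArgumentException("Certificate path must stay under the base path.");
        }

        return full;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values.
        Console.WriteLine(SigningCertificatePath.Resolve(null, "/accesstoken/", "mycert.pfx"));
        Console.WriteLine(SigningCertificatePath.Resolve(Path.GetTempPath(), "accesstoken", "mycert.pfx"));
    }
}
```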