AzureKeyVaultSignatureProvider.Verify() should be performed locally by default

MattCotterellNZ / IdentityServer.Contrib.AzureKeyVaultTokenSigningService

Azure Key Vault implementation of ITokenSigningService for IdentityServer

MIT License

7 stars 5 forks source link

AzureKeyVaultSignatureProvider.Verify() should be performed locally by default #5

Open MattCotterellNZ opened 8 years ago

MattCotterellNZ commented 8 years ago

Currently Verification costs one Key Vault operation. Verifying this is not only expensive (requires a network operation), it also costs money (verification may be called in order of magnitudes more often than signing in some scenarios).

Since we (usually) have the public key, this could feasibly be performed locally by default, with the developer optionally choosing to perform the operation through Key Vault itself.

MattCotterellNZ commented 7 years ago

This is no longer a problem in IdentityServer4, since the new integration points make this no longer our concern.