NetDevPack / Security.Jwt

Jwt Manager. Set of components to deal with Jwt Stuff. Automate your key rotating, add support for jwks_uri. Store your cryptography keys in a secure place.
MIT License

Generate new Key before expiration of old key #28

Closed shubhambothara closed 10 months ago

shubhambothara commented 2 years ago

Is there a way to generate a new key before the expiration of the old key so that the client can replace the old key?

brunobritodev commented 2 years ago

Yes, it's possible.

The best way is:

First inject IJwtStore and revoke the current key, then generate a new one.

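```csharp
using System.Threading.Tasks;

public class RevokeMyKey
{
    private readonly IJsonWebKeyStore _store;
    private readonly IJwtService _service;

    public RevokeMyKey(IJsonWebKeyStore store, IJwtService service)
    {
        _store = store;
        _service = service;
    }

    public async Task RevokeCurrentKey()
    {
        var oldCurrent = await _store.GetCurrent();
        /* Remove private key material */
        await _store.Revoke(oldCurrent);
        // Generate the replacement key once the old one is revoked
        var newCurrent = await _service.GenerateKey();
    }
}
```
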
brunobritodev commented 2 years ago

For those who came into this:

We'll add a new feat: Revoke current and generate new key:

```csharp
await _service.GenerateNewKey();
```
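
An added example, not code from the thread or from the project: a hosted service that calls the `GenerateNewKey()` method mentioned above a fixed lead time before the current key expires, so a new key is available while the old one is still within its lifetime. The class name `EarlyKeyRotation`, the `keyCreatedAt` lookup delegate, and the `lifetime`, `lead` and hourly check interval are assumptions made for illustration.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
// plus the NetDevPack.Security.Jwt namespace that declares IJwtService

// Hypothetical hosted service: rotates the signing key a fixed lead time before expiry.
public sealed class EarlyKeyRotation : BackgroundService
{
    private readonly IServiceScopeFactory _scopes;
    // Assumption: the caller supplies how to read the current key's creation time.
    private readonly Func<IServiceProvider, Task<DateTimeOffset>> _keyCreatedAt;
    private readonly TimeSpan _lifetime; // configured key lifetime
    private readonly TimeSpan _lead;     // how long before expiry the new key must exist

    public EarlyKeyRotation(IServiceScopeFactory scopes,
        Func<IServiceProvider, Task<DateTimeOffset>> keyCreatedAt,
        TimeSpan lifetime, TimeSpan lead)
    {
        // A lead of zero gives no overlap; a lead >= lifetime would rotate on every check.
        if (lead <= TimeSpan.Zero || lead >= lifetime)
            throw new ArgumentOutOfRangeException(nameof(lead));
        (_scopes, _keyCreatedAt, _lifetime, _lead) = (scopes, keyCreatedAt, lifetime, lead);
    }

    // Pure decision, kept separate so it can be unit tested without a host.
    public static bool IsDue(DateTimeOffset createdAt, TimeSpan lifetime,
                             TimeSpan lead, DateTimeOffset now)
        => now >= createdAt + lifetime - lead;

    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
    {
        using var timer = new PeriodicTimer(TimeSpan.FromHours(1));
        do
        {
            // Resolve per check so scoped registrations work inside a singleton host service.
            using var scope = _scopes.CreateScope();
            var createdAt = await _keyCreatedAt(scope.ServiceProvider);
            if (IsDue(createdAt, _lifetime, _lead, DateTimeOffset.UtcNow))
            {
                var jwt = scope.ServiceProvider.GetRequiredService<IJwtService>();
                await jwt.GenerateNewKey(); // revoke current and generate new key
            }
        } while (await timer.WaitForNextTickAsync(stoppingToken));
    }
}
```

Because the constructor takes values the container cannot resolve on its own, register it with the factory overload, for example `services.AddHostedService(sp => new EarlyKeyRotation(...))`.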