NetDevPack / Security.Jwt

Jwt Manager. Set of components to deal with Jwt Stuff. Automate your key rotating, add support for jwks_uri. Store your cryptography keys in a secure place.
MIT License

if the .key file has ExpiredAt and expired, it will always generate new .key file #58

Closed liugt34 closed 5 months ago

liugt34 commented 7 months ago

In FileSystemStore.cs this code always returns the first file, so it will generate a new file repeatedly.

private string GetCurrentFile()
{
    var files = Directory.GetFiles(KeysPath.FullName, $"*current*.key");
    if (files.Any())
        return Path.Combine(KeysPath.FullName, files.First());

    return Path.Combine(KeysPath.FullName, $"{_options.Value.KeyPrefix}current.key");
}

brunobritodev commented 5 months ago

Thank you for your highlight at FileSystemStore.cs.

The JwtService class is designed with a mechanism to check if the current security key is expired or needs to be updated for any reason (e.g., revocation). During the process of generating a new key, it gets the *current* key and copies it to an old-yyyy-MM-dd file. After that, a new key will be placed in the *current* key.
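
A minimal sketch of the rotation flow discussed in this thread, added here as an example; it is not NetDevPack code. `DemoKeyStore`, `StoredKey`, the temp directory and the archive timestamp format are assumptions. It rotates an expired current key once, archives it under a name that no longer matches `*current*.key`, and refuses to pick a file when more than one matches.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text.Json;

// Constructed scenario: a temp directory whose current key expired yesterday.
var dir = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), $"keys-{Guid.NewGuid():N}"));
var store = new DemoKeyStore(dir, "demo-");
store.Write(new StoredKey("k1", DateTime.UtcNow.AddDays(-1)));
for (var i = 0; i < 3; i++) // three consecutive lookups; only the first should rotate
    Console.WriteLine($"request {i}: {store.GetCurrentOrRotate(TimeSpan.FromDays(90)).KeyId}");
Console.WriteLine(string.Join(", ", dir.GetFiles("*.key").Select(f => f.Name).OrderBy(n => n)));

// Hypothetical stand-in for a stored key: only an id and the ExpiredAt field from the issue.
record StoredKey(string KeyId, DateTime ExpiredAt);

class DemoKeyStore
{
    private readonly DirectoryInfo _dir;
    private readonly string _current;
    public DemoKeyStore(DirectoryInfo dir, string prefix) =>
        (_dir, _current) = (dir, Path.Combine(dir.FullName, $"{prefix}current.key"));

    public void Write(StoredKey key) => File.WriteAllText(_current, JsonSerializer.Serialize(key));

    public StoredKey GetCurrentOrRotate(TimeSpan lifetime)
    {
        // With several matches, "first file" depends on enumeration order, so fail loudly.
        var matches = _dir.GetFiles("*current*.key");
        if (matches.Length > 1)
            throw new InvalidOperationException($"{matches.Length} files match *current*.key");

        var key = matches.Length == 1
            ? JsonSerializer.Deserialize<StoredKey>(File.ReadAllText(matches[0].FullName))
            : null;
        if (key is not null && key.ExpiredAt > DateTime.UtcNow)
            return key; // still valid: no rotation

        // Archive the expired key (time added to the date so same-day rotations do not collide).
        if (matches.Length == 1)
            File.Move(matches[0].FullName,
                Path.Combine(_dir.FullName, $"old-{DateTime.UtcNow:yyyy-MM-dd-HHmmssfff}.key"));
        var fresh = new StoredKey(Guid.NewGuid().ToString("N"), DateTime.UtcNow.Add(lifetime));
        Write(fresh);
        return fresh;
    }
}
```

After the three lookups the directory should hold one `demo-current.key` and one `old-*.key`, and the second and third lookups should print the same key id as the first.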