Feature Request

An extension will be implemented that automatically creates an STS "account" (StsClient) when the SecureTokenService (STS) is embedded in the IdentityHub runtime.

Several use cases exist for this:
ParticipantContextCreated: create the StsClient object with the default key pair and generate a random client secret
KeyPairRevoked: set the vault aliases for the private and public key to null
KeyPairRotated: set the vault aliases for the private and public key to null
DidDocumentPublished: obtain the default key pair and set its privateKeyAlias and its key-id (taken from the DID document). This feature can be disabled with a configuration value.

Note that when keys are revoked or rotated and a new key is attached to the request, this results in a KeyPairAdded event.

Which Areas Would Be Affected?
Add a new extension to IdentityHub (IH).

Why Is the Feature Desired?
Convenience.

Solution Proposal
The extension should be fault tolerant: it should only execute the aforementioned event handlers if the STS modules are in fact present and an StsClientStore can be resolved.
In other words, adding this new extension to an IdentityHub that does not contain STS modules should not raise an error, but log an error. This simplifies the creation of an IdentityHub BOM.
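The following is an added illustration of the behaviour this request describes, not code from the IdentityHub project: one subscriber handles the four events, generates the client secret from a CSPRNG, nulls both vault aliases on revocation/rotation so a retired key can never be used to sign tokens again, and degrades to logging an error when no StsClientStore is available. StsClient, StsClientStore, privateKeyAlias and the event names come from the request above; every other type, field and method name (the record layout, InMemoryStsClientStore, StsAccountProvisioner, the constructor switch for the DidDocumentPublished handler) is a simplified stand-in assumed for this example and is not the EDC API.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.logging.Logger;

// Hypothetical STS account record: the key material that signs tokens for one participant.
record StsClient(String participantId, String clientSecret,
                 String privateKeyAlias, String publicKeyAlias, String keyId) {
    StsClient withAliases(String priv, String pub) {
        return new StsClient(participantId, clientSecret, priv, pub, keyId);
    }
    StsClient withKey(String priv, String kid) {
        return new StsClient(participantId, clientSecret, priv, publicKeyAlias, kid);
    }
}

// Hypothetical store interface; the request only names the type StsClientStore.
interface StsClientStore {
    void save(StsClient client);
    Optional<StsClient> findByParticipant(String participantId);
}

// Constructed in-memory store so the example runs without a database.
class InMemoryStsClientStore implements StsClientStore {
    private final Map<String, StsClient> clients = new HashMap<>();
    public void save(StsClient c) { clients.put(c.participantId(), c); }
    public Optional<StsClient> findByParticipant(String id) { return Optional.ofNullable(clients.get(id)); }
}

// Event subscriber mirroring the four handlers of the feature request (hypothetical name).
class StsAccountProvisioner {
    private static final Logger LOG = Logger.getLogger(StsAccountProvisioner.class.getName());
    private static final SecureRandom RNG = new SecureRandom();

    private final StsClientStore store;      // null models "STS modules not present / store not resolvable"
    private final boolean updateOnDidPublished; // the configuration value that can disable the DID handler

    StsAccountProvisioner(StsClientStore store, boolean updateOnDidPublished) {
        this.store = store;
        this.updateOnDidPublished = updateOnDidPublished;
    }

    // Fault tolerance: without a resolvable StsClientStore, log an error and skip the handler.
    private boolean storeAvailable(String event) {
        if (store == null) {
            LOG.severe("STS modules not present, ignoring " + event);
            return false;
        }
        return true;
    }

    void onParticipantContextCreated(String participantId, String privAlias, String pubAlias, String keyId) {
        if (!storeAvailable("ParticipantContextCreated")) return;
        // 32 bytes from a CSPRNG; a short or predictable secret would let anyone obtain tokens as this participant.
        byte[] secret = new byte[32];
        RNG.nextBytes(secret);
        String clientSecret = Base64.getUrlEncoder().withoutPadding().encodeToString(secret);
        store.save(new StsClient(participantId, clientSecret, privAlias, pubAlias, keyId));
    }

    // KeyPairRevoked and KeyPairRotated: the old key must not be used again, so both aliases are set to null.
    void onKeyPairRevokedOrRotated(String participantId) {
        if (!storeAvailable("KeyPairRevoked/KeyPairRotated")) return;
        store.findByParticipant(participantId).ifPresent(c -> store.save(c.withAliases(null, null)));
    }

    // DidDocumentPublished: re-attach the default key pair's privateKeyAlias and the key-id from the DID document.
    void onDidDocumentPublished(String participantId, String defaultPrivAlias, String keyIdFromDid) {
        if (!updateOnDidPublished || !storeAvailable("DidDocumentPublished")) return;
        store.findByParticipant(participantId).ifPresent(c -> store.save(c.withKey(defaultPrivAlias, keyIdFromDid)));
    }

    public static void main(String[] args) {
        // Constructed walk-through: create, rotate (aliases nulled), then DID publication re-attaches the new key.
        StsClientStore store = new InMemoryStsClientStore();
        StsAccountProvisioner p = new StsAccountProvisioner(store, true);
        p.onParticipantContextCreated("participant-1", "p1-priv", "p1-pub", "did:web:example.test#key-1");
        p.onKeyPairRevokedOrRotated("participant-1");
        System.out.println("after rotation: " + store.findByParticipant("participant-1").orElseThrow());
        p.onDidDocumentPublished("participant-1", "p1-priv-2", "did:web:example.test#key-2");
        System.out.println("after DID publish: " + store.findByParticipant("participant-1").orElseThrow());
        // Extension loaded without STS modules: handlers log an error instead of throwing.
        new StsAccountProvisioner(null, true).onParticipantContextCreated("participant-2", "a", "b", "c");
    }
}
```

Compile and run with `javac StsAccountProvisioner.java && java StsAccountProvisioner` (Java 16 or newer for records). The second provisioner at the end of `main` is the BOM case from the solution proposal: the event arrives, nothing is stored, and only an error line is logged.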