If there are two janus replicates running, the token generation endpoints appear to not work.
The reason is that each app thread, on loading, will generate a throwaway nonce key that it uses for signing nonces. This key is thus unique to the thread, and consequently nonce-approval is unique to the thread. A user requesting a nonce from time_signature and trying to validate a signed nonce via generate will thus encounter a mismatch and get a 401.
Solutions:
1) Use a static nonce key set in the Janus config. Throwing away the nonce key is more secure, but maybe not necessary?
2) Share the nonce key at runtime between threads. Probably the easiest way to do this is to make a database entry that apps update on loading, or is otherwise cycled at a regular interval.
3) Reduce replication. This is what I'm doing for the moment.
If there are two janus replicates running, the token generation endpoints appear to not work.
The reason is that each app thread, on loading, will generate a throwaway nonce key that it uses for signing nonces. This key is thus unique to the thread, and consequently nonce-approval is unique to the thread. A user requesting a nonce from
time_signature
and trying to validate a signed nonce viagenerate
will thus encounter a mismatch and get a 401.Solutions: 1) Use a static nonce key set in the Janus config. Throwing away the nonce key is more secure, but maybe not necessary? 2) Share the nonce key at runtime between threads. Probably the easiest way to do this is to make a database entry that apps update on loading, or is otherwise cycled at a regular interval. 3) Reduce replication. This is what I'm doing for the moment.