passwordless-lib / fido2-net-lib

FIDO2 .NET library for FIDO2 / WebAuthn Attestation and Assertion using .NET
https://fido2-net-lib.passwordless.dev/
MIT License

[API Proposal] Allow to disable caching for Metadata or use another cache mechanism #550

Open joegoldman2 opened 1 week ago

joegoldman2 commented 1 week ago

Context

Today there is no easy way to use a cache other than IDistributedCache (like the new HybridCache of .NET 9, FusionCache, etc.) when using the metadata service. The AddCachedMetadataService method is the entry point for registering the metadata service, registering a service that is based on IDistributedCache and IMemoryCache.

In addition, there is no way to completely disable the cache as it is directly implemented in the only IMetadataService implementation available out of the box (DistributedCacheMetadataService).

To solve this problem, it would be nice to have the possibility to register the service and repositories without any caching, which leaves the user the possibility to add the cache afterwards. Of course it will still be possible to register a default cache implementation that is based, as today, on IDistributedCache and IMemoryCache.

API Proposal

I propose the following API:

namespace Fido2NetLib;

+    public sealed class DefaultMetadataService : IMetadataService // An implementation without any cache mechanism
namespace Microsoft.Extensions.DependencyInjection;

public static class Fido2NetLibBuilderExtensions
{
-    public static void AddCachedMetadataService(this IFido2NetLibBuilder builder, Action<IFido2MetadataServiceBuilder> configAction);
     // Will register the default service without any cache
+    public static void AddMetadataService(this IFido2NetLibBuilder builder, Action<IFido2MetadataServiceBuilder> configure);
     // As the cache is currently implemented on service level (should be probably more flexible on repository level + decorator pattern but it's outside the scope of this issue),
     // this method will replace the current registered implementation by DistributedCacheMetadataService.
+    public static IFido2MetadataServiceBuilder UseDistributedCache(this IFido2MetadataServiceBuilder builder);
}
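
Review bot: Removing AddCachedMetadataService outright (the `-` line in Fido2NetLibBuilderExtensions) breaks every existing caller at compile time; consider keeping it as an [Obsolete] method that forwards to AddMetadataService followed by UseDistributedCache, so upgrades stay source-compatible. The two new methods are also inconsistent in shape: AddMetadataService returns void while UseDistributedCache returns IFido2MetadataServiceBuilder, and the delegate parameter is renamed from configAction to configure, which affects callers that pass it as a named argument.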

I am open to suggestions for the name of the UseDistributedCache method, for which I am not really inspired.

API Usage

var services = new ServiceCollection();
services.AddFido2(options => { ... }).AddMetadataService(options =>
{
    options.AddFidoMetadataRepository();
    options.UseDistributedCache();
});

Instead of that, currently:

var services = new ServiceCollection();
services.AddFido2(options => { ... }).AddCachedMetadataService(options =>
{
    options.AddFidoMetadataRepository();
});

More context

#397 also reports some limitations of the current model.

cc @abergs @iamcarbon
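
How a caller could layer its own cache over an uncached metadata service once the two are registered separately, as the proposal above would allow. This is an added example, not code from the issue or from fido2-net-lib: `IMetadataLookup`, `MetadataEntry` and `CachingMetadataLookup` are simplified stand-ins (assumptions) for the library's service and entry types.

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

// Stand-in types (assumptions), not the library's real interface or entry type.
public sealed record MetadataEntry(Guid Aaguid, string Description);

public interface IMetadataLookup
{
    Task<MetadataEntry?> GetEntryAsync(Guid aaguid, CancellationToken ct = default);
}

// Decorator: wraps any uncached lookup and serves results for at most `ttl`.
public sealed class CachingMetadataLookup : IMetadataLookup
{
    private readonly IMetadataLookup _inner;
    private readonly TimeSpan _ttl;
    private readonly Func<DateTimeOffset> _now;
    private readonly ConcurrentDictionary<Guid, (DateTimeOffset Expires, Task<MetadataEntry?> Value)>
        _cache = new();

    public CachingMetadataLookup(IMetadataLookup inner, TimeSpan ttl, Func<DateTimeOffset>? now = null)
    {
        _inner = inner; _ttl = ttl;
        _now = now ?? (() => DateTimeOffset.UtcNow);
    }

    public async Task<MetadataEntry?> GetEntryAsync(Guid aaguid, CancellationToken ct = default)
    {
        var now = _now();
        if (_cache.TryGetValue(aaguid, out var hit) && hit.Expires > now)
            return await hit.Value.WaitAsync(ct);

        // Store the task itself so later callers within the TTL reuse it (null results included).
        // The fetch is not bound to one caller's token, since other callers may await it.
        var task = _inner.GetEntryAsync(aaguid, CancellationToken.None);
        _cache[aaguid] = (now + _ttl, task);
        try { return await task.WaitAsync(ct); }
        catch
        {
            // Never keep a failed fetch: the next call must retry against the source.
            if (task.IsFaulted || task.IsCanceled) _cache.TryRemove(aaguid, out _);
            throw;
        }
    }
}
```

The TTL is the upper bound on how long a stale entry can be served, so it is the setting to review when choosing or replacing the cache.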

joegoldman2 commented 1 week ago

I would be happy to help with the implementation if you agree with the proposal.