FIDO2: externalize authenticator configuration

wultra / powerauth-server

PowerAuth Server component is the back-end counterpart of PowerAuth Mobile SDK that holds device registrations and verifies MFA signatures.

GNU Affero General Public License v3.0

17 stars 12 forks source link

FIDO2: externalize authenticator configuration #1393

Closed zcgandcomp closed 3 months ago

zcgandcomp commented 4 months ago

Currently, Fido2Authenticators.java contains a hardcoded configuration for the FIDO authenticator.

Externalize the config so it can be changed by configuration. Suggestion DB - but be aware of the performance consequences.

The configuration changes are not expected to be often - in production for the first release and more frequent for setting in the test environments. So singleton with long eviction should be fine.

jnpsk commented 4 months ago

Spring has a caching mechanism. Basically it is a group of method level annotations that are able to cache method's return value identified by method's input argument. One of the possible cache implementation is ConcurrentHashMap. So we can implement standard database repository and then annotate its methods as cachable to speed up repeated requests.

romanstrobl commented 4 months ago

Can we add the new table? https://github.com/wultra/powerauth-server/blob/issues/1393-external-authenticator-config/docs/Database-Structure.md