Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.
Thank you in advance for helping us to improve this library! Your attention to detail here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.
By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
I'm looking for a way to migrate from one key to another without rejecting existing keys, to allow for short-lived secrets without disrupting users too much.
Describe the ideal solution
The easiest way to do this is to just have a period where you accept multiple secrets. The process would look something like this:
1. Add key to list of accepted keys for both the issuer and consumer servers
2. Update key issuer to use new key for issuing keys
3. Wait for token lifespan plus a few minutes or so to account for clock differences
4. Remove key from list of accepted keys for both the issuer and consumer servers
The API could just accept arrays of jwt.Secrets anywhere that type is accepted within this immediate module and offload the rest of that complexity to the callee.
Alternatives and current work-arounds
Bite the bullet and just let every token fail to check.
Fork this module. This is obviously far from ideal.
Additional context
Add any other context or screenshots about the feature request here.