Support smooth key-rotation, accept multiple public-keys

We're trying to work towards the ability to refresh the Panda key on a regular basis (eg weekly, or daily) and so we'll need `pan-domain-node` to handle that!

Work has already been completed in the Scala Panda library to support smooth-key rotation, by accepting multiple public-keys:

* https://github.com/guardian/pan-domain-authentication/pull/150

...we'll need to duplicate that work in `pan-domain-node`. This needs two main changes:

- [ ] Update the config parsing code in [`fetchPublicKey()`](https://github.com/guardian/pan-domain-node/blob/92e462a3527ccb1880f46ca2959cce5829367d60/src/fetch-public-key.ts#L10C17-L18) to read the additional public keys defined in `alsoAccept.X.publicKey` config entries (see [sample .settings files](https://github.com/guardian/pan-domain-authentication/tree/c211ad4da385ffcc3071a7047e915a99bb50d892/pan-domain-auth-verification/src/test/resources/crypto-conf-rotation-example))
- [ ] Update the cookie verification code in [`verifyUser()`](https://github.com/guardian/pan-domain-node/blob/92e462a3527ccb1880f46ca2959cce5829367d60/src/panda.ts#L34) to try each of those additional public keys in turn, rather than just the single active key 

See also:

* https://github.com/guardian/data-science-recipes/issues/119

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support smooth key-rotation, accept multiple public-keys #28

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support smooth key-rotation, accept multiple public-keys #28

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions