Generate new Key before expiration of old key

Question

Generate new Key before expiration of old key

shubhambothara opened this issue 2 years ago · comments

Shubham Bothara commented 2 years ago

Is there a way to generate a new key before expiration of old key so that client can replace the old key?

Bruno Brito · Answer 1 · Tue Jul 05 2022 03:14:32 GMT+0800 (China Standard Time)

Yes, it's possible.

The best way is:

First inject IJwtStore and revoke the current key, then generate new one.

public RevokeMyKey(IJsonWebKeyStore store, IJwtService service)
{
     _store = store;
     _service = service;
}

public RevokeCurrentKey()
{
        var oldCurrent = await _store.GetCurrent();
        /*Remove private key material*/
        await _store.Revoke(oldCurrent);
       var newCurrent = _service.GenerateKey();
}

Bruno Brito · Answer 2 · Tue Jul 05 2022 03:16:26 GMT+0800 (China Standard Time)

For those who came into this:

We'll add a new feat: Revoke current and generate new key:

await _service.GenerateNewKey();