fix: improve key rotation (#1328)

* fix: improve key rotation * update oidc pkg version
2025-08-12 08:47:32 +00:00 · 2021-02-23 08:32:00 +01:00
parent 428ef4acdb
commit 57b277bc7c
18 changed files with 232 additions and 60 deletions
--- a/internal/auth/repository/eventsourcing/repository.go
+++ b/internal/auth/repository/eventsourcing/repository.go
@@ -15,6 +15,7 @@ import (
 	es_int "github.com/caos/zitadel/internal/eventstore"
 	es_spol "github.com/caos/zitadel/internal/eventstore/spooler"
 	"github.com/caos/zitadel/internal/id"
+	key_model "github.com/caos/zitadel/internal/key/model"
 	"github.com/caos/zitadel/internal/v2/command"
 	"github.com/caos/zitadel/internal/v2/query"
 )
@@ -75,7 +76,9 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
 		return nil, err
 	}

-	spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults)
+	keyChan := make(chan *key_model.KeyView)
+	spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults, keyChan)
+	locker := spooler.NewLocker(sqlClient)

 	userRepo := eventstore.UserRepo{
 		SearchLimit:    conf.SearchLimit,
@@ -108,12 +111,15 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
 			IAMID:                      systemDefaults.IamID,
 		},
 		eventstore.TokenRepo{
-			Eventstore: es,
 			View:       view,
 		},
 		eventstore.KeyRepository{
-			View:               view,
-			SigningKeyRotation: systemDefaults.KeyConfig.SigningKeyRotation.Duration,
+			View:                     view,
+			SigningKeyRotationCheck:  systemDefaults.KeyConfig.SigningKeyRotationCheck.Duration,
+			SigningKeyGracefulPeriod: systemDefaults.KeyConfig.SigningKeyGracefulPeriod.Duration,
+			KeyAlgorithm:             keyAlgorithm,
+			Locker:                   locker,
+			KeyChan:                  keyChan,
 		},
 		eventstore.ApplicationRepo{
 			Commands: command,