IdentityServer3.Contrib.RedisStore
1.3.0
Identity Server 3 has reached end of life
dotnet add package IdentityServer3.Contrib.RedisStore --version 1.3.0
NuGet\Install-Package IdentityServer3.Contrib.RedisStore -Version 1.3.0
<PackageReference Include="IdentityServer3.Contrib.RedisStore" Version="1.3.0" />
paket add IdentityServer3.Contrib.RedisStore --version 1.3.0
#r "nuget: IdentityServer3.Contrib.RedisStore, 1.3.0"
// Install IdentityServer3.Contrib.RedisStore as a Cake Addin #addin nuget:?package=IdentityServer3.Contrib.RedisStore&version=1.3.0 // Install IdentityServer3.Contrib.RedisStore as a Cake Tool #tool nuget:?package=IdentityServer3.Contrib.RedisStore&version=1.3.0
IdentityServer3.Contrib.RedisStore
IdentityServer3.Contrib.RedisStore is a persistance layer using Redis DB for operational data of Identity Server 3. Specifically, this store provides implementation for AuthorizationCodeStore, RefreshTokenStore and TokenHandleStore.
How to use
You need to install the nuget package
then you can inject the stores in the Identity Server service Factory
like the following:
var factory = new IdentityServerServiceFactory();
...
factory.ConfigureOperationalRedisStoreServices(new ConfigurationOptions { /* ... */ });
Or:
var factory = new IdentityServerServiceFactory();
...
factory.ConfigureOperationalRedisStoreServices("--- redis store connection string goes here ---");
Note: you can add prefix to the keys stored in Redis Store by setting keyPrefix parameter to a value of your own choice on any of ConfigureOperationalRedisStoreServices overloads.
the solution approach
the solution was approached based on how the SQL Store storing the operational data, but the concept of Redis as a NoSQL db is totally different than relational db concepts, all the operational data stores implement the following ITransientDataRepository interface:
public interface ITransientDataRepository<T>
where T : ITokenMetadata
{
Task StoreAsync(string key, T value);
Task<T> GetAsync(string key);
Task RemoveAsync(string key);
Task<IEnumerable<ITokenMetadata>> GetAllAsync(string subject);
Task RevokeAsync(string subject, string client);
}
and the ITokenMetadata defines the following contract:
public interface ITokenMetadata
{
string SubjectId { get; }
string ClientId { get; }
IEnumerable<string> Scopes { get; }
}
with the ITransientDataRepository contract, we notice that the GetAllAsync(subject) and RevokeAsync(subject,client) defines a contract to read based on subject id and revoke all the tokens in the store based on subject and client ids.
this brings trouble to Redis store since redis as a reliable dictionary is not designed for relational queries, so the trick is to store multiple entries for the same token, and can be reached using key, subject and client ids.
so the StoreAsync operation stores the following entries in Redis:
Key(TokenType:Key) → Token: stored as key string value pairs, used to retrieve the Token based on the key, if the token exists or not expired.
Key(TokenType:SubjectId) → Key* : stored in a redis Set, used on the GetAllAsync, to retrieve all the tokens related to a given subject id.
Key(TokenType:SubjectId:ClientId) → Key* : stored in a redis set, used to retrieve all the keys that are related to a subject and client ids, to revoke them while calling RevokeAsync.
for more information on data structures used to store the token please refer to Redis data types documentation
since Redis has a key Expiration feature based on a defined date time or time span, and to not implement a logic similar to SQL store implementation for cleaning up the store periodically from dangling tokens, the store uses the key expiration of Redis while storing based on the following criteria:
for Key(TokenType:Key) the expiration is straight forward, it's set on the StringSet Redis operation as defined by identity server on the token object.
for Key(TokenType:SubjectId:ClientId) set the expiration also set as the lifetime of the token passed by the identity server, since the Client has unified lifetime for the token defined in the configuration.
for Key(TokenType:SubjectId) Set, there is no expiration since the subject id is involved, so on GetAllAsync and RevokeAsync the Store is clearing the expired keys.
Feedback
feedbacks are always welcomed, please open an issue for any problem or bug found, and the suggestions are also welcomed.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET Framework | net46 is compatible. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
-
- IdentityServer3 (>= 2.0.0)
- Newtonsoft.Json (>= 9.0.1)
- StackExchange.Redis (>= 1.2.0)
- System.ValueTuple (>= 4.4.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated | |
---|---|---|---|
1.3.0 | 41,334 | 9/9/2018 | |
1.2.0 | 1,612 | 4/12/2018 | |
1.1.4.1 | 1,064 | 2/15/2018 | |
1.1.4 | 1,108 | 1/30/2018 | |
1.1.3 | 1,349 | 12/2/2017 | |
1.1.2.1 | 1,068 | 10/31/2017 | |
1.1.1.2 | 1,360 | 9/5/2017 | |
1.1.0-preview3 | 794 | 8/29/2017 | |
1.1.0-preview2 | 835 | 8/28/2017 | |
1.0.3-preview | 804 | 8/21/2017 | |
1.0.2 | 1,204 | 4/26/2017 | |
1.0.1 | 1,218 | 4/8/2017 | |
1.0.0 | 1,046 | 4/8/2017 |
RTM