fix(auth): verify against backup signing secret + harden secret time/cache#3079
fix(auth): verify against backup signing secret + harden secret time/cache#3079xilosada wants to merge 1 commit into
Conversation
Hardens JWT secret handling so signing-secret rotation is safe to enable: - verify_token falls back to an unexpired backup secret on signature failure, so a rotation no longer invalidates outstanding tokens - replace panicking system-time unwraps with a checked epoch helper - re-read secrets from storage on version mismatch so replicas stay consistent Rotation itself stays disabled here; it is enabled in a later change.
|
Your PR title does not adhere to the Conventional Commits convention: Common errors to avoid:
|
There was a problem hiding this comment.
🤖 MeroReviewer
Reviewed by 1 agents | Quality score: 85% | Review time: 80.2s
✅ No Issues Found
All agents reviewed the code and found no issues. LGTM! 🎉
🤖 Generated by MeroReviewer | Review ID: review-0a548129
Documentation ReviewThe following documentation may need updates based on the changes in this PR:
|
E2E Rust Apps FailedOne or more E2E workflows (scaffolding-e2e, xcall-example) failed. Please check the workflow logs for more details. |
|
This pull request has been automatically marked as stale. If this pull request is still relevant, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize reviewing it yet. Your contribution is very much appreciated. |
What
Hardens JWT signing-secret handling so secret rotation is safe to enable.
verify_tokenfalls back to an unexpired backup secret on signature failure, so rotating the signing secret no longer invalidates outstanding tokens.SystemTimeunwraps with a checked epoch helper.Rotation itself stays disabled in this PR; it is enabled in a follow-up.
Tests
cargo test -p mero-authgreen (68 passed). New: verify-after-rotation falls back to backup; rejected once the backup is evicted; foreign-signed token rejected.