07. Scaling and multi server setups
This page is for applications that scale horizontally or run in a load-balanced deployment.
By default, the middleware stores the Nuts it creates in memory, which is not acceptable for applications deployed over several servers, especially in a load-balanced ecosystem: a Nut issued by one server is not known to the others.
We have tried to make this as easy as possible and have created several hooks that let the developer take control of the management of the Nuts.
Eight hooks are exposed for this purpose:
- StoreNut
- GetNut
- RemoveNut
- GetNutIdk
- CheckNutAuthorized
- StoreCpsSessionId
- GetUserIdByCpsSessionId
- RemoveCpsSessionId
We will explain the purpose and signature of each of these hooks, but first we should quickly cover the NutInfo class.
NutInfo is a class that holds the data the middleware needs to keep for a set amount of time so that the "nut" can be validated.
The class looks like this:
    public class NutInfo
    {
        public DateTime CreatedDate { get; set; } // The date the info was created
        public string IpAddress { get; set; } // The IP address the first nut was created for
        public string FirstNut { get; set; } // The first nut that the user was given in the chain of requests (the one on the login page)
        public string Idk { get; set; } // The user's identity if we know it yet (this is null until they are authorised)
    }
The values stored in this object shouldn't be changed.
Now that we have covered that, let's look at each hook.
StoreNut
This hook allows you to take control of the storage of Nuts.
Signature
void StoreNut(string nut, NutInfo info, bool authorized)
The "nut" parameter will be the nut that is sent to the user.
The "info" parameter is the information for the nut.
The "authorized" parameter indicates if the nut is authenticated (the user is authorised).
GetNut
This hook allows you to look up a Nut you stored and return its NutInfo to the middleware.
Signature
NutInfo GetNut(string nut, bool authorized)
The "nut" parameter will be the nut that was sent by the user and may or may not be in your store.
The "authorized" parameter indicates if the nut is expected to be authenticated (the user is authorised).
The method should return a NutInfo, or null when there is no nut.
RemoveNut
This hook allows the middleware to inform you when the specified Nut should be removed.
Signature
void RemoveNut(string nut, bool authorized)
The "nut" parameter will be the nut that was sent by the user and may or may not be in your store.
The "authorized" parameter indicates if the nut is expected to be authenticated (the user is authorised).
GetNutIdk
This hook will return the Idk stored in the NutInfo for the specified Nut.
Signature
string GetNutIdk(string nut)
The "nut" parameter will be the nut that was sent by the user and may or may not be in your store. This might be the Nut, or it may be the first nut stored in the nut info.
NOTE
It is expected that the nut is authorised.
CheckNutAuthorized
This hook allows you to tell the middleware if a nut is authorised.
Signature
bool CheckNutAuthorized(string nut)
The "nut" parameter will be the nut that was sent by the user and may or may not be in your store. This might be the Nut, or it may be the first nut stored in the nut info.
It is expected to return false for any case other than when the nut is authorised.
StoreCpsSessionId
This is called when the user's SQRL client has set the CPS option, which indicates a same-device login where the client can perform the redirect securely. This hook allows you to take control of storing the CPS sessions.
Signature
void StoreCpsSessionId(string sessionId, string userId)
The "sessionId" is a digits-only GUID value that the client will use for a later lookup.
The "userId" is the Idk for the authenticated user.
NOTE
The user is authenticated at this point.
GetUserIdByCpsSessionId
This hook returns the UserId stored against the provided session id.
Signature
string GetUserIdByCpsSessionId(string sessionId)
The "sessionId" is the session id provided by the user and may or may not exist in your store.
This hook is expected to return the UserId stored against the "sessionId", or null if the session id is not stored.
RemoveCpsSessionId
This hook allows the middleware to instruct you to remove a session; this is done when the user requests a session id that exists.
Signature
void RemoveCpsSessionId(string sessionId)
The "sessionId" is the session id provided by the user and will exist in your store.
With these simple and easy to use hooks and a centralised store you can scale your SQRL secured application with ease.
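One way to back all eight hooks with a centralised store, as an added example that is not part of the middleware's own code. It assumes ASP.NET Core's IDistributedCache (for instance backed by Redis or SQL Server) as the shared store; the class name SharedNutStore, the key prefixes, the lifetime parameter and the FirstNut index are choices made for this sketch, and how the methods are registered with the middleware is not shown here.

```csharp
using System;
using System.Text.Json;
using Microsoft.Extensions.Caching.Distributed;

// NutInfo is the middleware's class shown earlier on this page.
public class SharedNutStore // hypothetical name
{
    private readonly IDistributedCache _cache;
    private readonly DistributedCacheEntryOptions _ttl;

    // lifetime is an assumption: it must be at least as long as the middleware keeps a nut valid
    public SharedNutStore(IDistributedCache cache, TimeSpan lifetime)
    {
        _cache = cache;
        _ttl = new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = lifetime };
    }

    // Separate prefixes: a pending nut can never be returned by an "authorized" lookup
    private static string Key(string nut, bool authorized) =>
        (authorized ? "sqrl:auth:" : "sqrl:pending:") + nut;

    public void StoreNut(string nut, NutInfo info, bool authorized)
    {
        _cache.SetString(Key(nut, authorized), JsonSerializer.Serialize(info), _ttl);
        // Index authorized nuts by FirstNut, because GetNutIdk and
        // CheckNutAuthorized may be called with the first nut instead
        if (authorized && info.FirstNut != null)
            _cache.SetString("sqrl:first:" + info.FirstNut, nut, _ttl);
    }

    public NutInfo GetNut(string nut, bool authorized)
    {
        var json = _cache.GetString(Key(nut, authorized));
        return json == null ? null : JsonSerializer.Deserialize<NutInfo>(json);
    }

    public void RemoveNut(string nut, bool authorized)
    {
        var info = GetNut(nut, authorized);
        if (authorized && info?.FirstNut != null) _cache.Remove("sqrl:first:" + info.FirstNut);
        _cache.Remove(Key(nut, authorized));
    }

    // Try the nut itself, then fall back to the FirstNut index
    private NutInfo FindAuthorized(string nut) =>
        GetNut(nut, true) ?? GetNut(_cache.GetString("sqrl:first:" + nut) ?? "", true);

    public string GetNutIdk(string nut) => FindAuthorized(nut)?.Idk;
    public bool CheckNutAuthorized(string nut) => FindAuthorized(nut) != null; // false in every other case

    public void StoreCpsSessionId(string sessionId, string userId) => _cache.SetString("sqrl:cps:" + sessionId, userId, _ttl);
    public string GetUserIdByCpsSessionId(string sessionId) => _cache.GetString("sqrl:cps:" + sessionId);
    public void RemoveCpsSessionId(string sessionId) => _cache.Remove("sqrl:cps:" + sessionId);
}
```

The read-then-remove sequences in this sketch are not atomic across servers; if two servers can race on the same nut or session id, use an atomic get-and-delete operation of the backing store instead.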