07. Scaling and multi server setups

Liam edited this page Oct 14, 2019 · 1 revision

This page will help applications that scale horizontally or applications that have a load balanced deployment.

By default, the middleware stores the Nuts it creates in memory, but this is not acceptable for applications that are deployed over several servers, especially in a load-balanced ecosystem, because a Nut held in one server's memory is not visible to the others.

How can we scale and use SQRL?

We have tried to make this as easy as possible and have created several hooks for the developer to interface with that will allow them to take control of the management of the Nuts.

What are the hooks?

There are eight hooks exposed for this purpose. These are:

  • StoreNut
  • GetNut
  • RemoveNut
  • GetNutIdk
  • CheckNutAuthorized
  • StoreCpsSessionId
  • GetUserIdByCpsSessionId
  • RemoveCpsSessionId

We will explain the purpose and signature of each of these hooks but first we should quickly cover the NutInfo class.

NutInfo is a class that holds specific data from the middleware that it needs to keep for a set amount of time to allow the "nut" to be validated.

The class looks like this:

public class NutInfo
{
    public DateTime CreatedDate { get; set; } //The date the info was created
    public string IpAddress { get; set; } //The IP address the first nut was created for
    public string FirstNut { get; set; } //The First nut that the user was given in the chain of requests (the one on the login page)
    public string Idk { get; set; } //The user's identity if we know it yet (this is null until they are authorised)
}

The values stored in this object shouldn't be changed.

Now that we have covered that, let's look at each hook.

StoreNut

This hook allows you to take control of the storage of Nuts.

Signature

void StoreNut(string nut, NutInfo info, bool authorized)

The "nut" parameter will be the nut that is sent to the user.

The "info" parameter is the information for the nut.

The "authorized" parameter indicates if the nut is authenticated (the user is authorised).

GetNut

This hook allows you to look up the Nuts you stored and return the NutInfo to the middleware.

Signature

NutInfo GetNut(string nut, bool authorized)

The "nut" parameter will be the nut that was sent by the user and may or may not be in your store.

The "authorized" parameter indicates if the nut is expected to be authenticated (the user is authorised).

The method should return a NutInfo, or null when there is no nut.

RemoveNut

This allows the middleware to inform you when the specified Nut should be removed.

Signature

void RemoveNut(string nut, bool authorized)

The "nut" parameter will be the nut that was sent by the user and may or may not be in your store.

The "authorized" parameter indicates if the nut is expected to be authenticated (the user is authorised).

GetNutIdk

This hook will return the Idk stored in the NutInfo for the specified Nut.

Signature

string GetNutIdk(string nut)

The "nut" parameter will be the nut that was sent by the user and may or may not be in your store. This might be the Nut, or it may be the first nut stored in the nut info.

NOTE

It is expected that the nut is authorised.

CheckNutAuthorized

This hook allows you to tell the middleware if a nut is authorised.

Signature

bool CheckNutAuthorized(string nut)

The "nut" parameter will be the nut that was sent by the user and may or may not be in your store. This might be the Nut, or it may be the first nut stored in the nut info.

It is expected to return false for any case other than when the nut is authorised.

StoreCpsSessionId

This is called when the user's SQRL client has set the CPS option, which indicates a same-device login where the SQRL client can perform the redirect securely. This hook allows you to take control of storing the CPS sessions.

Signature

void StoreCpsSessionId(string sessionId, string userId)

The "sessionId" is a digits-only GUID value that the client will use later to look up the session.

The "userId" is the Idk for the authenticated user.

NOTE

The user is authenticated at this point.

GetUserIdByCpsSessionId

This hook returns the UserId stored against the provided session id.

Signature

string GetUserIdByCpsSessionId(string sessionId)

The "sessionId" is the session id provided by the user and may or may not exist in your store.

This hook is expected to return the UserId stored against the "sessionId", or null if the session id is not stored.

RemoveCpsSessionId

This hook allows the middleware to instruct you to remove a session. This is done when the user requests a session id that exists.

Signature

void RemoveCpsSessionId(string sessionId)

The "sessionId" is the session id provided by the user and will exist in your store.
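
The eight hooks above backed by one shared store, as an added example that is not part of the original page or the project's own code; how the methods are registered with the middleware is not shown. SharedNutStore, the key prefixes and the five-minute lifetime are assumptions, and IDistributedCache stands in for whichever central store (Redis, SQL Server) sits behind your servers.

```csharp
using System;
using System.Text.Json;
using Microsoft.Extensions.Caching.Distributed;
// Same shape as the NutInfo class on this page; in a real app use the middleware's own type.
public class NutInfo
{
    public DateTime CreatedDate { get; set; }
    public string IpAddress { get; set; }
    public string FirstNut { get; set; }
    public string Idk { get; set; }
}

// Hypothetical class: one method per hook, all backed by a cache shared by every server.
public class SharedNutStore
{
    private readonly IDistributedCache _cache;
    // Assumed five-minute lifetime so abandoned nuts and CPS sessions expire on their own.
    private static readonly DistributedCacheEntryOptions Ttl =
        new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5) };
    public SharedNutStore(IDistributedCache cache) => _cache = cache;

    // Authorized and unauthorized nuts use separate key prefixes so one is never read as the other.
    private static string NutKey(string nut, bool authorized) => (authorized ? "sqrl:auth:" : "sqrl:unauth:") + nut;
    private static string FirstKey(string firstNut) => "sqrl:first:" + firstNut; // index: first nut -> Idk
    private static string CpsKey(string sessionId) => "sqrl:cps:" + sessionId;

    public void StoreNut(string nut, NutInfo info, bool authorized)
    {
        _cache.SetString(NutKey(nut, authorized), JsonSerializer.Serialize(info), Ttl);
        // GetNutIdk and CheckNutAuthorized may be called with the first nut, so index it too.
        if (authorized && info.FirstNut != null && info.Idk != null)
            _cache.SetString(FirstKey(info.FirstNut), info.Idk, Ttl);
    }

    public NutInfo GetNut(string nut, bool authorized) =>
        _cache.GetString(NutKey(nut, authorized)) is string json ? JsonSerializer.Deserialize<NutInfo>(json) : null;

    public void RemoveNut(string nut, bool authorized)
    {
        var info = authorized ? GetNut(nut, true) : null;
        if (info?.FirstNut != null) _cache.Remove(FirstKey(info.FirstNut)); // drop the index entry as well
        _cache.Remove(NutKey(nut, authorized));
    }

    public string GetNutIdk(string nut) => GetNut(nut, true)?.Idk ?? _cache.GetString(FirstKey(nut));
    public bool CheckNutAuthorized(string nut) => GetNutIdk(nut) != null; // false unless an authorized entry exists
    public void StoreCpsSessionId(string sessionId, string userId) => _cache.SetString(CpsKey(sessionId), userId, Ttl);
    public string GetUserIdByCpsSessionId(string sessionId) => _cache.GetString(CpsKey(sessionId));
    public void RemoveCpsSessionId(string sessionId) => _cache.Remove(CpsKey(sessionId));
}
```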

Conclusion

With these simple and easy to use hooks and a centralised store you can scale your SQRL secured application with ease.