Why are parameters for AddProductionEncryptionAndSigningCertificate() stored in code and not in settings?
Is there a reason why the parameters to the AddProductionEncryptionAndSigningCertificate() method are stored in code rather than in an appsettings.json etc?
PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
{
    serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "XXXXXX");
    serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
});
I know you can and should change this, but there must be a reason for the name of the cert and the passphrase to be stored directly in the code and not in settings like most other stuff like AuthServer:Authority?
I.e. something like this:
PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
{
    var certificatePath = configuration["OpenIddict:Certificate:Path"];
    var certificatePassword = configuration["OpenIddict:Certificate:Password"];
    serverBuilder.AddProductionEncryptionAndSigningCertificate(certificatePath, certificatePassword);
    serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
});
and then in appsettings
"OpenIddict": {
    "Certificate": {
        "Path": "openiddict.pfx",
        "Password": "XXXXXXXX"
    }
},
There are of course much better ways to solve this than either of these solutions for production environments.
No particular reason. We should move to the appsettings.json file.
We have moved CertificatePassPhrase from the module to appsettings.json.
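One way to read the two keys proposed in the question and fail fast at startup, as an added example that is not ABP's or the poster's code. The helper class name is hypothetical, and it assumes the default ASP.NET Core configuration providers, so the passphrase can be supplied through the environment variable `OpenIddict__Certificate__Password` or user secrets instead of a committed appsettings.json:

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

// Added example: hypothetical helper, not part of ABP or OpenIddict.
public static class OpenIddictCertificateSettings
{
    // Configuration keys as proposed in the question above.
    public const string PathKey = "OpenIddict:Certificate:Path";
    public const string PasswordKey = "OpenIddict:Certificate:Password";

    public static (string Path, string Password) Read(IConfiguration configuration)
    {
        var path = configuration[PathKey];
        var password = configuration[PasswordKey];

        if (string.IsNullOrWhiteSpace(path))
            throw new InvalidOperationException($"Missing setting '{PathKey}'.");
        if (string.IsNullOrEmpty(password))
            throw new InvalidOperationException(
                $"Missing setting '{PasswordKey}'. Supply it through the environment " +
                "variable OpenIddict__Certificate__Password or user secrets.");
        if (!File.Exists(path))
            throw new FileNotFoundException("Certificate file not found.", path);

        // Open the PFX once at startup so that a wrong passphrase (CryptographicException),
        // a missing private key or an expired certificate stops the host immediately
        // instead of surfacing later when the first token is issued.
        using var certificate = new X509Certificate2(path, password);
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key.");

        var now = DateTime.Now; // NotBefore/NotAfter are expressed in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new InvalidOperationException("Certificate is outside its validity period.");

        return (path, password);
    }
}

// Usage inside the module's PreConfigure block, replacing the hard-coded values:
//   var (path, password) = OpenIddictCertificateSettings.Read(configuration);
//   serverBuilder.AddProductionEncryptionAndSigningCertificate(path, password);
```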