glauth-ui
Generate secret key during first run and store it in the database
Realistically the user never needs to care about the secret key; it can be auto-generated during the first run. I think it makes sense to put it in the database and not the file system, because that way, if you use a distributed database backend like CockroachDB, every node gets the same secret key and everything sort of just works.
import secrets
secret_key = secrets.token_urlsafe(50)  # 50 random bytes, URL-safe base64 encoded
It is part of the standard library.
Just removes a little bit more friction when people set up the service for the first time.
Good idea, I would put this in the settings table and create it with the first-run function (empty DB). Do you think this should be exposed in the admin UI, or can this be hidden?
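To make the proposal concrete, here is an added example (not glauth-ui's own code) of a first-run routine that stores the key in a hypothetical `settings(name, value)` table and hands it to the app config. It uses the standard-library `sqlite3` so it runs offline; the same statement is `INSERT ... ON CONFLICT DO NOTHING` on PostgreSQL/CockroachDB. The interesting case is two nodes starting against an empty database at the same moment: each generates a candidate, only the first insert wins, and both then read back the same stored key, so sessions signed on one node verify on the other.

```python
"""First-run secret key generation, stored in the database (added example, not glauth-ui code)."""
import secrets
import sqlite3

SETTINGS_NAME = "secret_key"  # hypothetical row name in the settings table


def open_db(path=":memory:"):
    """Open the database and make sure the settings table exists (hypothetical schema)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS settings (name TEXT PRIMARY KEY, value TEXT NOT NULL)"
    )
    conn.commit()
    return conn


def get_or_create_secret_key(conn):
    """Return the stored secret key, generating one only if none exists yet.

    The insert is a no-op when the row already exists (PRIMARY KEY on name), so if
    several nodes race on an empty database exactly one candidate is kept and every
    node reads back that winner instead of its own candidate.
    """
    candidate = secrets.token_urlsafe(50)  # 50 random bytes -> 67 URL-safe characters
    conn.execute(
        "INSERT OR IGNORE INTO settings (name, value) VALUES (?, ?)",
        (SETTINGS_NAME, candidate),
    )
    conn.commit()
    row = conn.execute(
        "SELECT value FROM settings WHERE name = ?", (SETTINGS_NAME,)
    ).fetchone()
    return row[0]


def rotate_secret_key(conn):
    """Replace the stored key. Every existing session cookie stops verifying, so
    all users are logged out; this is the 'worst case' mentioned in the thread."""
    new_key = secrets.token_urlsafe(50)
    conn.execute(
        "INSERT OR REPLACE INTO settings (name, value) VALUES (?, ?)",
        (SETTINGS_NAME, new_key),
    )
    conn.commit()
    return new_key


def configure_app(app_config, conn):
    """Load the key into a Flask-style config mapping after the DB is initialised.

    Takes the config mapping rather than the app object so it works with a plain
    dict here and with flask.Flask.config in a real app.
    """
    app_config["SECRET_KEY"] = get_or_create_secret_key(conn)
    return app_config


if __name__ == "__main__":
    db = open_db()
    # Two "nodes" calling first-run setup: both end up with the same key.
    node_a = get_or_create_secret_key(db)
    node_b = get_or_create_secret_key(db)
    print("nodes agree:", node_a == node_b, "key length:", len(node_a))
    config = configure_app({}, db)
    print("config loaded:", config["SECRET_KEY"] == node_a)
```

Because the key is loaded from the database, `configure_app` has to run after the DB is reachable, i.e. inside the app factory once the models are initialised rather than from a static config object imported at module load time.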
It's only used internally, so I don't think there's any point in exposing it to the end user. Worst case, if you lose it, all the currently active user sessions get reset and people need to log in again.
Makes sense. Will integrate this in the coming days.
Awesome, I'm going to go through this OpenID Connect example and try to adapt it to your database models:
https://github.com/authlib/example-oidc-server
With the current app structure it's not possible to load the key using the config object, as the DB would have to be initialized already. I'm wondering if it's a bit of a security risk to store that in the DB, as in no other example I have seen is this done this way.
I think I will put this aside for the moment and maybe add some instructions on how to generate one.