Fix safari sso header size (#1065)

* Safari SSO header size fix - in progress * Cleanup of memoryCacheTicketStore * Redis cache ticket store + registration * Revert some unecessary changes * temp - distributed cookie: idsrv.external * Ticket data cached storage added * OIDC working w/ substantially reduced cookie size * Added distributed cache cookie manager * Removed hybrid OIDC flow * Enable self-hosted folks to use Redis for SSO * Also allow self-hosted to use Redis cont...
2025-07-02 08:32:50 -05:00 · 2021-01-11 11:03:46 -05:00
parent 5aba9f7549
commit 99b95b5330
17 changed files with 398 additions and 36 deletions
--- a/src/Core/IdentityServer/RedisCacheTicketStore.cs
+++ b/src/Core/IdentityServer/RedisCacheTicketStore.cs
@ -0,0 +1,68 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.Caching.Memory;
+using Microsoft.Extensions.Caching.Redis;
+
+namespace Bit.Core.IdentityServer
+{
+    public class RedisCacheTicketStore : ITicketStore
+    {
+        private const string _keyPrefix = "auth-";
+        private readonly IDistributedCache _cache;
+
+        public RedisCacheTicketStore(RedisCacheOptions options)
+        {
+            _cache = new RedisCache(options);
+        }
+
+        public async Task<string> StoreAsync(AuthenticationTicket ticket)
+        {
+            var key = $"{_keyPrefix}{Guid.NewGuid()}";
+            await RenewAsync(key, ticket);
+
+            return key;
+        }
+
+        public Task RenewAsync(string key, AuthenticationTicket ticket)
+        {
+            var options = new DistributedCacheEntryOptions();
+            var expiresUtc = ticket.Properties.ExpiresUtc ??
+                DateTimeOffset.UtcNow.AddMinutes(15);
+            options.SetAbsoluteExpiration(expiresUtc);
+
+            var val = SerializeToBytes(ticket);
+            _cache.Set(key, val, options);
+
+            return Task.FromResult(0);
+        }
+
+        public Task<AuthenticationTicket> RetrieveAsync(string key)
+        {
+            AuthenticationTicket ticket;
+            var bytes = _cache.Get(key);
+            ticket = DeserializeFromBytes(bytes);
+
+            return Task.FromResult(ticket);
+        }
+
+        public Task RemoveAsync(string key)
+        {
+            _cache.Remove(key);
+
+            return Task.FromResult(0);
+        }
+
+        private static byte[] SerializeToBytes(AuthenticationTicket source)
+        {
+            return TicketSerializer.Default.Serialize(source);
+        }
+
+        private static AuthenticationTicket DeserializeFromBytes(byte[] source)
+        {
+            return source == null ? null : TicketSerializer.Default.Deserialize(source);
+        }
+    }
+}