Prepare keys for environment migration#2090
Conversation
There was a problem hiding this comment.
Pull request overview
This PR prepares for an environment migration by adding support for an old Frontegg public key (OLD_FRONTEGG_PUBLIC_KEY) alongside the current one. During migration, JWT tokens signed with either the old or new key will be accepted, ensuring continuity for authenticated users.
Changes:
- Added
OLD_FRONTEGG_PUBLIC_KEYto theAppSystemPropenum for system configuration. - Updated both
user-info.module.tsandcloud-template.controller.tsto try verifying JWTs against both the new and old public keys (falling back to the old key if the new one fails). - Introduced a new
verifyUserWithPublicKeyshelper function (duplicated in both files) that iterates over an array of keys.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
packages/server/shared/src/lib/system/system-prop.ts |
Added OLD_FRONTEGG_PUBLIC_KEY enum value |
packages/server/api/src/app/user-info/user-info.module.ts |
Updated auth to try multiple public keys; added verifyUserWithPublicKeys |
packages/server/api/src/app/flow-template/cloud-template.controller.ts |
Updated auth to try multiple public keys; added duplicate verifyUserWithPublicKeys |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/server/api/src/app/flow-template/cloud-template.controller.ts
Outdated
Show resolved
Hide resolved
|
|
||
| FRONTEGG_URL = 'FRONTEGG_URL', | ||
| FRONTEGG_PUBLIC_KEY = 'FRONTEGG_PUBLIC_KEY', | ||
| OLD_FRONTEGG_PUBLIC_KEY = 'OLD_FRONTEGG_PUBLIC_KEY', // TODO: Can be removed after 13/04/2026 |
There was a problem hiding this comment.
The expiration date for these tokens is 1 month. Therefore, we must keep the old tokens valid for at least 1 month.
|
Part of OPS-3849.