
Introduction

In the initial release of Key Rotation for OpenIddict, our primary focus was on rotating signing keys, with encryption key rotation still to come. Now, with v2.0.0, we’re excited to announce that developers can effortlessly rotate both signing and encryption keys, making your applications more secure and flexible than ever before. This upgraded capability streamlines key management.

Why Rotate Your Encryption Keys?

Rotating your encryption keys helps protect the encrypted data that OpenIddict generates: it limits the exposure created when a key is leaked or used over a lengthy period, since only the data encrypted under the affected key is at risk.

Current Caveats

When using encrypted JWEs, you will need to account for the fact that these new keys cannot currently be shared with remote clients. There are several ways to work around this; please refer to our documentation here.

Support for the Client Metadata RFC is anticipated in the future, although there is currently no timeline for its implementation. Once available, it will allow asymmetric encryption using key material provided by resource servers instead. Two OpenIddict tickets track this (2400, 2401).

You can get a 30-day demo license here to try out Key Rotation for OpenIddict.

What’s Next

The roadmap hasn’t changed much since the release of V1; you can see it in the “Introducing Key Rotation for OpenIddict” article. Since .NET 10 has been released, adding support for it is also a priority.

When Client Metadata RFC becomes available in OpenIddict, we would like to support it in Key Rotation.
