IdentityShroud/IdentityShroud.Core/Model/Realm.cs

using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
using IdentityShroud.Core.Security;

namespace IdentityShroud.Core.Model;

[Table("realm")]
public class Realm
{
    
    public Guid Id { get; set; }
    /// <summary>
    /// Note this is part of the url we should encourage users to keep it short but we do not want to limit them too much
    /// </summary>
    [MaxLength(40)]
    public string Slug { get; set; } = "";
    
    [MaxLength(128)]
    public string Name { get; set; } = "";
    public List<Client> Clients { get; init; } = [];

    public List<RealmKey> Keys { get; init; } = [];

    public List<RealmDek> Deks { get; init; } = [];

    /// <summary>
    /// Can be overriden per client
    /// </summary>
    public string DefaultSignatureAlgorithm { get; set; } = JsonWebAlgorithm.RS256;
}

[Table("realm_dek")]
public record RealmDek
{
    public required DekId Id { get; init; }
    public required bool Active { get; set; }
    public required string Algorithm { get; init; }
    public required EncryptedDek KeyData { get; init; }
    public required Guid RealmId { get; init; }
}
Happy flow for creating realms works But needs more validating... 2026-02-08 11:57:57 +01:00			`using System.ComponentModel.DataAnnotations;`
			`using System.ComponentModel.DataAnnotations.Schema;`
Implement jwks endpoint and add test for it. This also let to some improvements/cleanups of the other tests and fixtures. 2026-02-15 19:06:09 +01:00			`using IdentityShroud.Core.Security;`
Happy flow for creating realms works But needs more validating... 2026-02-08 11:57:57 +01:00
Miscelanious trials 2026-02-06 19:58:01 +01:00			`namespace IdentityShroud.Core.Model;`

Happy flow for creating realms works But needs more validating... 2026-02-08 11:57:57 +01:00			`[Table("realm")]`
Miscelanious trials 2026-02-06 19:58:01 +01:00			`public class Realm`
			`{`
Happy flow for creating realms works But needs more validating... 2026-02-08 11:57:57 +01:00
Miscelanious trials 2026-02-06 19:58:01 +01:00			`public Guid Id { get; set; }`
Happy flow for creating realms works But needs more validating... 2026-02-08 11:57:57 +01:00			`/// <summary>`
			`/// Note this is part of the url we should encourage users to keep it short but we do not want to limit them too much`
			`/// </summary>`
			`[MaxLength(40)]`
Miscelanious trials 2026-02-06 19:58:01 +01:00			`public string Slug { get; set; } = "";`
Happy flow for creating realms works But needs more validating... 2026-02-08 11:57:57 +01:00
			`[MaxLength(128)]`
			`public string Name { get; set; } = "";`
			`public List<Client> Clients { get; init; } = [];`

5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`public List<RealmKey> Keys { get; init; } = [];`

			`public List<RealmDek> Deks { get; init; } = [];`
Implement jwks endpoint and add test for it. This also let to some improvements/cleanups of the other tests and fixtures. 2026-02-15 19:06:09 +01:00
			`/// <summary>`
			`/// Can be overriden per client`
			`/// </summary>`
			`public string DefaultSignatureAlgorithm { get; set; } = JsonWebAlgorithm.RS256;`
5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`}`

			`[Table("realm_dek")]`
			`public record RealmDek`
			`{`
			`public required DekId Id { get; init; }`
			`public required bool Active { get; set; }`
			`public required string Algorithm { get; init; }`
			`public required EncryptedDek KeyData { get; init; }`
			`public required Guid RealmId { get; init; }`
Implement jwks endpoint and add test for it. This also let to some improvements/cleanups of the other tests and fixtures. 2026-02-15 19:06:09 +01:00			`}`