[PM-5293] Redis for Grants (#3577)

* Add Initial Redis Implementation * Format * Add Key to PersistedGrant * Reference Identity In Microbenchmark Project * Allow Filterable Benchmarks * Use Shorter Key And Cast to RedisKey Once * Add RedisPersistedGrantStore Benchmarks * Run restore * Format * Update ID4 References * Make RedisGrantStore Singleton * Use MessagePack * Use Cached Options * Turn off Compression * Minor Feedback * Add Docs to StorablePersistedGrant * Use existing Identity Redis --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2026-01-02 00:23:40 +00:00 · 2023-12-15 10:53:00 -05:00
parent 699b884441
commit 1b705df958
6 changed files with 308 additions and 4 deletions
--- a/src/Identity/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Identity/Utilities/ServiceCollectionExtensions.cs
@@ -1,10 +1,12 @@
 using Bit.Core.IdentityServer;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 using Bit.Identity.IdentityServer;
 using Bit.SharedWeb.Utilities;
 using Duende.IdentityServer.ResponseHandling;
 using Duende.IdentityServer.Services;
 using Duende.IdentityServer.Stores;
+using StackExchange.Redis;

 namespace Bit.Identity.Utilities;

@@ -45,11 +47,34 @@ public static class ServiceCollectionExtensions
            .AddCustomTokenRequestValidator<CustomTokenRequestValidator>()
            .AddProfileService<ProfileService>()
            .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
-            .AddPersistedGrantStore<PersistedGrantStore>()
            .AddClientStore<ClientStore>()
            .AddIdentityServerCertificate(env, globalSettings)
            .AddExtensionGrantValidator<WebAuthnGrantValidator>();

+        if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
+        {
+            // If we have redis, prefer it
+
+            // Add the original persisted grant store via it's implementation type
+            // so we can inject it right after.
+            services.AddSingleton<PersistedGrantStore>();
+
+            services.AddSingleton<IPersistedGrantStore>(sp =>
+            {
+                return new RedisPersistedGrantStore(
+                    // TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
+                    ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
+                    sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
+                    sp.GetRequiredService<PersistedGrantStore>() // Fallback grant store
+                );
+            });
+        }
+        else
+        {
+            // Use the original grant store
+            identityServerBuilder.AddPersistedGrantStore<PersistedGrantStore>();
+        }
+
        services.AddTransient<ICorsPolicyService, CustomCorsPolicyService>();
        return identityServerBuilder;
    }