Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Speed up auth #3038

Merged
merged 2 commits into from
Aug 10, 2020
Merged

Speed up auth #3038

merged 2 commits into from
Aug 10, 2020

Conversation

htdvisser
Copy link
Contributor

Summary

This pull contains some optimizations for the authentication and authorization flows of the Identity Server.

Refs #1666 and #1393

Changes

  • Lower the number of PBKDF2 iterations for API keys and Access Tokens. These secrets are already pretty long at 50 characters, so we don't also need to spend 100ms hashing them.
  • Speed up GetUser (which is called on every request) by eliminating an extra query for the Account model.
    • Same for Organization, as this is basically the same code.

Testing

Covered by existing tests

Notes for Reviewers

There's still much more work to do, but these changes already give enough improvement to make it worth the PR.

Checklist

  • Scope: The referenced issue is addressed, there are no unrelated changes.
  • Compatibility: The changes are backwards compatible with existing API, storage, configuration and CLI, according to the compatibility commitments in README.md for the chosen target branch.
  • Documentation: Relevant documentation is added or updated.
  • Changelog: Significant features, behavior changes, deprecations and fixes are added to CHANGELOG.md.
  • Commits: Commit messages follow guidelines in CONTRIBUTING.md, there are no fixup commits left.

@htdvisser htdvisser added c/identity server This is related to the Identity Server performance Something is slow or takes too much CPU/Memory/... labels Aug 6, 2020
@htdvisser htdvisser added this to the August 2020 milestone Aug 6, 2020
@htdvisser htdvisser self-assigned this Aug 6, 2020
@github-actions github-actions bot added the compat/db This could affect Database compatibility label Aug 6, 2020
kschiffer
kschiffer approved these changes Aug 7, 2020
View reviewed changes
Copy link
Contributor

@kschiffer kschiffer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@htdvisser htdvisser merged commit 310fc1e into v3.9 Aug 10, 2020
@htdvisser htdvisser deleted the feature/auth-flow-speedup branch August 10, 2020 07:43
@htdvisser htdvisser mentioned this pull request Nov 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kschiffer kschiffer kschiffer approved these changes

@bafonins bafonins Awaiting requested review from bafonins

Assignees

@htdvisser htdvisser

Labels
c/identity server This is related to the Identity Server compat/db This could affect Database compatibility performance Something is slow or takes too much CPU/Memory/...
Projects
None yet
Milestone
August 2020
Development

Successfully merging this pull request may close these issues.
2 participants
@htdvisser @kschiffer