Add database-backed IAtProtoTokenStore implementations (SQL, Redis, etc.) #3

Open
opened 2026-02-21 01:13:34 +00:00 by Grandiras · 0 comments
Owner

Summary

The current IAtProtoTokenStore implementations are:

  • FileAtProtoTokenStore (default) — File-based with Data Protection encryption. Good for single-server deployments.
  • InMemoryAtProtoTokenStore — Volatile, dev/testing only.

Neither supports multi-server / load-balanced deployments or centralized token management. We need database-backed implementations.

Proposed Implementations

SQL (EF Core)

  • EfCoreAtProtoTokenStore backed by a DbContext
  • Works with any EF Core provider (SQLite, PostgreSQL, SQL Server, etc.)
  • AddAtProtoServer<EfCoreAtProtoTokenStore>() registration pattern
  • Migration support for the token table

Redis

  • RedisAtProtoTokenStore using IConnectionMultiplexer
  • Natural fit for token storage (key-value with TTL)
  • AddAtProtoServer<RedisAtProtoTokenStore>() registration pattern

Considerations

  • Tokens contain DPoP private keys and must be encrypted at rest (Data Protection API or equivalent)
  • Thread-safety / concurrency for token refresh races
  • Token expiration cleanup (background service or lazy eviction)
  • Should each implementation live in its own NuGet package? (e.g., ATProtoNet.Server.EntityFrameworkCore, ATProtoNet.Server.Redis)
  • Provide sample projects and docs for each

Interface Reference

public interface IAtProtoTokenStore
{
    Task StoreAsync(string did, AtProtoTokenData data, CancellationToken ct = default);
    Task<AtProtoTokenData?> GetAsync(string did, CancellationToken ct = default);
    Task RemoveAsync(string did, CancellationToken ct = default);
}

Acceptance Criteria

  • At least one database-backed implementation (EF Core recommended as first)
  • Encryption at rest for stored tokens
  • Unit tests with in-memory database
  • Integration test sample
  • Documentation in docs/server.md
  • NuGet packaging decision documented
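
An added example of the encryption-at-rest consideration above (not part of the issue or the project's code): an `IAtProtoTokenStore` over `IDistributedCache` that seals each record with ASP.NET Core Data Protection before it leaves the process. Assumptions: `AtProtoTokenData` round-trips through System.Text.Json; the class name, key prefix, purpose string and caller-supplied TTL are hypothetical; `IDistributedCache` stands in for the `IConnectionMultiplexer` the issue proposes.

```csharp
using System.Security.Cryptography;
using System.Text.Json;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Caching.Distributed;

// Hypothetical class; IAtProtoTokenStore and AtProtoTokenData are the project's types.
public sealed class ProtectedDistributedTokenStore : IAtProtoTokenStore
{
    private readonly IDistributedCache _cache;          // Redis, SQL Server, ...
    private readonly IDataProtectionProvider _provider;
    private readonly TimeSpan _ttl;                     // assumption: supplied by the host

    public ProtectedDistributedTokenStore(
        IDistributedCache cache, IDataProtectionProvider provider, TimeSpan ttl)
        => (_cache, _provider, _ttl) = (cache, provider, ttl);

    private static string Key(string did) => "atproto:token:" + did;

    // The DID is a sub-purpose, so ciphertext copied under another DID's key
    // fails to decrypt instead of handing one user's DPoP key to another.
    private IDataProtector ProtectorFor(string did)
        => _provider.CreateProtector("AtProtoTokenStore.v1", did);

    public Task StoreAsync(string did, AtProtoTokenData data, CancellationToken ct = default)
    {
        byte[] sealedBytes = ProtectorFor(did).Protect(JsonSerializer.SerializeToUtf8Bytes(data));
        var options = new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = _ttl };
        return _cache.SetAsync(Key(did), sealedBytes, options, ct);
    }

    public async Task<AtProtoTokenData?> GetAsync(string did, CancellationToken ct = default)
    {
        byte[]? sealedBytes = await _cache.GetAsync(Key(did), ct);
        if (sealedBytes is null) return null;
        try
        {
            byte[] plaintext = ProtectorFor(did).Unprotect(sealedBytes);
            return JsonSerializer.Deserialize<AtProtoTokenData>(plaintext);
        }
        catch (CryptographicException)
        {
            // Tampered, swapped between DIDs, or sealed under a key no longer
            // in the key ring: discard the record so the user re-authenticates.
            await _cache.RemoveAsync(Key(did), ct);
            return null;
        }
    }

    public Task RemoveAsync(string did, CancellationToken ct = default)
        => _cache.RemoveAsync(Key(did), ct);
}
```

In a multi-server deployment every node must share the same Data Protection key ring and application name, otherwise records written by one node fail to decrypt on another. The example does not address the refresh race listed above: concurrent `StoreAsync` calls for one DID are last-write-wins.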