Add database-backed IAtProtoTokenStore implementations (SQL, Redis, etc.) #3

New issue

Open

opened 2026-02-21 01:13:34 +00:00 by Grandiras · 0 comments

Grandiras commented

2026-02-21 01:13:34 +00:00

Owner

Summary

The current IAtProtoTokenStore implementations are:

FileAtProtoTokenStore (default) — File-based with Data Protection encryption. Good for single-server deployments.
InMemoryAtProtoTokenStore — Volatile, dev/testing only.

Neither supports multi-server / load-balanced deployments or centralized token management. We need database-backed implementations.

Proposed Implementations

SQL (EF Core)

EfCoreAtProtoTokenStore backed by a DbContext
Works with any EF Core provider (SQLite, PostgreSQL, SQL Server, etc.)
AddAtProtoServer<EfCoreAtProtoTokenStore>() registration pattern
Migration support for the token table

Redis

RedisAtProtoTokenStore using IConnectionMultiplexer
Natural fit for token storage (key-value with TTL)
AddAtProtoServer<RedisAtProtoTokenStore>() registration pattern

Considerations

Tokens contain DPoP private keys and must be encrypted at rest (Data Protection API or equivalent)
Thread-safety / concurrency for token refresh races
Token expiration cleanup (background service or lazy eviction)
Should each implementation live in its own NuGet package? (e.g., ATProtoNet.Server.EntityFrameworkCore, ATProtoNet.Server.Redis)
Provide sample projects and docs for each

Interface Reference

public interface IAtProtoTokenStore
{
    Task StoreAsync(string did, AtProtoTokenData data, CancellationToken ct = default);
    Task<AtProtoTokenData?> GetAsync(string did, CancellationToken ct = default);
    Task RemoveAsync(string did, CancellationToken ct = default);
}

Acceptance Criteria

At least one database-backed implementation (EF Core recommended as first)
Encryption at rest for stored tokens
Unit tests with in-memory database
Integration test sample
Documentation in docs/server.md
NuGet packaging decision documented

## Summary The current `IAtProtoTokenStore` implementations are: - **`FileAtProtoTokenStore`** (default) — File-based with Data Protection encryption. Good for single-server deployments. - **`InMemoryAtProtoTokenStore`** — Volatile, dev/testing only. Neither supports multi-server / load-balanced deployments or centralized token management. We need database-backed implementations. ## Proposed Implementations ### SQL (EF Core) - `EfCoreAtProtoTokenStore` backed by a `DbContext` - Works with any EF Core provider (SQLite, PostgreSQL, SQL Server, etc.) - `AddAtProtoServer<EfCoreAtProtoTokenStore>()` registration pattern - Migration support for the token table ### Redis - `RedisAtProtoTokenStore` using `IConnectionMultiplexer` - Natural fit for token storage (key-value with TTL) - `AddAtProtoServer<RedisAtProtoTokenStore>()` registration pattern ### Considerations - Tokens contain DPoP private keys and must be encrypted at rest (Data Protection API or equivalent) - Thread-safety / concurrency for token refresh races - Token expiration cleanup (background service or lazy eviction) - Should each implementation live in its own NuGet package? (e.g., `ATProtoNet.Server.EntityFrameworkCore`, `ATProtoNet.Server.Redis`) - Provide sample projects and docs for each ## Interface Reference ```csharp public interface IAtProtoTokenStore { Task StoreAsync(string did, AtProtoTokenData data, CancellationToken ct = default); Task<AtProtoTokenData?> GetAsync(string did, CancellationToken ct = default); Task RemoveAsync(string did, CancellationToken ct = default); } ``` ## Acceptance Criteria - [ ] At least one database-backed implementation (EF Core recommended as first) - [ ] Encryption at rest for stored tokens - [ ] Unit tests with in-memory database - [ ] Integration test sample - [ ] Documentation in `docs/server.md` - [ ] NuGet packaging decision documented