Generate new AccessToken each time user updates his information

I'm building a PWA app, where I implemented JWT tokens to auth users.

I have 2 main architecture problems, but let me introduce you to what I'm building.

I'm building an application that is all about dog lovers; this application is to post lost dogs, post dogs for adoption, and for dog owners to find good dog services around them like vets and dog walkers etc.

In my application you register with Facebook or Google.

In my application any user can open up services; if you are a dog walker you can easily open up a service, fill in some basic stuff, and people all around can find this new service.

I've got [ auth, user, chat, association, dog, haircut, review, store, trainer, vet, walker ] = microservices.

I am planning to run it on AWS ECS.

1st problem: the JWT stays outdated if I don't talk to the auth service and regenerate the token for a user.

If a user registers a new vet service, I must also return him a new access token, or else his JWT will be outdated with his old information, which will not have the information about the newly created service.

Right now I'm letting the microservices talk between them and I really don't like this idea because I can easily get lost with debugging and logging them.

This is how creating a new service looks now:

*Each microservice holds in its ENV the key to read the JWT.

    User >
      walkerService (creating the new service) >
      userService (updating the user's "services" field with the new service's pointer id;
                   the user object has a "services" object inside, which holds arrays of pointers to the service DB) >
      authService (generating a new, updated access token)

So what now? Each time a user does an update or creates a service, should I return a new JWT?

I can fix it using an API gateway, but…

2nd problem

If I create an API microservice, an API gateway, and move some of the logic in there, I feel like I'm back in a monolith app. In the API gateway I can do all stuff related to auth and actually remove the auth service altogether; I can “bypass” the problem of direct talk between microservices because I can await each microservice finishing its task before continuing to the next task of the next microservice.

But then the API gateway becomes more logical and less simple than it should be, with just auth, some throttling and routing around microservices…

For example, in the front end, when you are watching an adoption post,

you are actually looking at a document from the “dog” service, but there is also a field for the owner (giving the private name of the person who actually posted this).

In the dog document I have, for example, the owner id:

    "dh83db34u9f": { ownerId: "d236d8g2d83d4", dogName: "Maya", dogAge: "Etc.." }

So, before I return this document from the dog service, I also need to attach to it the name of the owner, so I need to ask the “user” service for the public info of this user,

and only then combine these 2 into 1 object and respond to the call…

I believe this API gateway shouldn't do stuff like that, so I wonder: should I create a new service just for “crud” / “actions”?
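One pattern for the 1st problem, as an added example that is not code from the question's project: keep the JWT minimal (identity plus a record version, never the full “services” list) and let each microservice treat a token whose version no longer matches the user record as stale, so the client fetches a fresh one instead of every write having to call the auth service. The HS256 signing key, the in-memory USERS store, the claim name `uv` and the owner id reused from the question are all assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed shared HS256 signing key; in the real system each microservice reads it from its ENV.
SECRET = b"constructed-demo-signing-key-replace-me"

# Constructed stand-in for the user service's store: one record with a version counter
# that is bumped whenever authorization-relevant data (such as the "services" field) changes.
USERS = {"d236d8g2d83d4": {"version": 1, "services": []}}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(user_id, user_version, ttl=900, now=None):
    """Issue a short-lived HS256 JWT carrying only identity plus the user's record version."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user_id, "uv": user_version, "iat": now, "exp": now + ttl}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        if header.get("alg") != "HS256":
            return None  # never let the token choose the algorithm
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig_b64)):
            return None
        claims = json.loads(_unb64url(payload_b64))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def register_service(user_id, service_id):
    """What the user service does when a walker/vet service is created: update the record, bump its version."""
    record = USERS[user_id]
    record["services"].append(service_id)
    record["version"] += 1
    return record["version"]


def authorize(token, now=None):
    """Check run by any resource microservice: 'ok', 'stale' (client must re-fetch a token) or 'invalid'."""
    claims = verify_token(token, now)
    if claims is None:
        return "invalid"
    record = USERS.get(claims.get("sub"))
    if record is None:
        return "invalid"
    if claims.get("uv") != record["version"]:
        return "stale"  # token predates a change to the user; no need to regenerate on every write
    return "ok"
```

The version check costs one lookup against the user service (or a cache of it), which is the trade-off for not pushing user data into the token; a short `exp` bounds how long any token can be used even if the lookup is skipped.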

Generate slice that contains element

Suppose I have the array:

[2, 3, 4, 5, 6, 7, 8, 9] 

Now, based on a few parameters:

  1. current_item – currently selected item.
  2. select_size – selection size, always odd.

I want to get a sublist of the list that follows these conditions:

  1. current_item should be in the middle of the sublist if that is possible.
  2. In case there are not enough elements on the left/right of the list, use the ones from the right/left.

Examples:

    list: [2, 3, 4, 5, 6, 7, 8, 9]  current_item: 5  select_size: 3  result: [4, 5, 6]
    list: [2, 3, 4, 5, 6, 7, 8, 9]  current_item: 2  select_size: 5  result: [2, 3, 4, 5, 6]
    list: [2, 3, 4, 5, 6, 7, 8, 9]  current_item: 8  select_size: 5  result: [5, 6, 7, 8, 9]
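An added implementation of the window rule above (not from the question's author): centre the window on the index of current_item, then clamp its start so it stays inside the list, which is what shifts the window towards the other side when one side runs short. The function name is mine, and it goes slightly beyond the question by also handling a select_size larger than the list (it returns the whole list) and by rejecting even sizes.

```python
def select_window(items, current_item, select_size):
    """Return select_size consecutive elements of items centred on current_item where
    possible; when one side has too few neighbours the window shifts so it still holds
    select_size elements. Assumes items has no duplicate of current_item."""
    if select_size < 1 or select_size % 2 == 0:
        raise ValueError("select_size must be a positive odd number")
    if current_item not in items:
        raise ValueError("current_item is not in the list")
    n = len(items)
    size = min(select_size, n)          # cannot return more elements than exist
    idx = items.index(current_item)
    start = idx - size // 2             # ideal start with current_item in the middle
    start = max(0, min(start, n - size))  # clamp so the window lies inside the list
    return items[start:start + size]


if __name__ == "__main__":
    data = [2, 3, 4, 5, 6, 7, 8, 9]
    for current, size in ((5, 3), (2, 5), (8, 5)):
        print(current, size, select_window(data, current, size))
```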

Can I use PBKDF2 derivation function to generate a MAC in PKCS12 file?

It seems that the default password based key derivation function that is used by PKCS12 to generate a MAC is this one. It is unique to the standard and probably not used anywhere else. Is it possible to use PBKDF2 instead to generate a MAC? Surely I can use PBES2 scheme with PBKDF2 to protect key bags, but how do I encode this information for the whole file’s MAC? Is it possible in principle? So far my attempts to use it resulted in files that are not recognized both by OpenSSL and Windows tools.

Should I generate a lot of random serial keys and pick one for each registration or generate 1 for each user?

I’m talking about Online activation. My current workflow is:

  1. User pays via paypal (without registration)
  2. Paypal performs a request to my API.
  3. My API returns a serial key to the user.
  4. Then the user is able to register using this serial key.

It is a “pay to register then use” and not a “register then pay to use”.

So the question is:

  • Should I generate (let’s say 100) keys and store them in DB then pick the first one available when someone pays via paypal? Isn’t this vulnerable to “guess” attacks?
  • Should I generate 1 random key each time a user pays via paypal? Can’t this approach generate 2 equal keys? I mean I have no info from the user except what paypal tells me so I should somehow use a random function OR loop the entire table comparing the serial keys.
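An added example (not from the question) that separates the two concerns in the bullets: how guessable a key is depends only on how many unredeemed valid keys exist relative to the size of the key space, whether they were pre-generated or not; and duplicates are handled by generating from the OS CSPRNG at payment time and letting a UNIQUE index in the database reject the astronomically rare collision, then retrying. The key format (five groups of five characters from A–Z0–9) and the in-memory set standing in for the database table are assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits   # 36 symbols per position
GROUPS, GROUP_LEN = 5, 5                            # XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (assumed format)


def generate_serial():
    """One key from the OS CSPRNG via the secrets module, never from random.random()."""
    return "-".join(
        "".join(secrets.choice(ALPHABET) for _ in range(GROUP_LEN)) for _ in range(GROUPS)
    )


def key_space_bits():
    """Entropy of one key: 25 positions * log2(36), about 129 bits."""
    return GROUPS * GROUP_LEN * math.log2(len(ALPHABET))


def per_guess_success(valid_unredeemed_keys):
    """Chance that one guessed key hits a valid, unredeemed one: the count of such keys
    divided by the key space. A pool of 100 pre-generated keys is no weaker than 100 keys
    generated on demand; a short key format is what makes guessing feasible."""
    return valid_unredeemed_keys / len(ALPHABET) ** (GROUPS * GROUP_LEN)


def issue_serial(issued, max_attempts=5):
    """Generate a key when PayPal confirms payment and record it. The set stands in for
    a table with a UNIQUE index on the key column, so a duplicate insert fails and is
    simply retried instead of scanning the whole table first."""
    for _ in range(max_attempts):
        key = generate_serial()
        if key not in issued:
            issued.add(key)
            return key
    raise RuntimeError("no unique key after retries")  # practically unreachable at ~129 bits
```

Rate-limiting the activation endpoint is still worth doing, but with a key space this large the per-guess odds above make an online guessing attack a non-issue.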

Generate digital certificates for employees using the organization’s certificate

I live in Peru and we have a small problem in the organization where I work. Dozens of documents are physically signed daily but this is a waste of time since there are documents that must be signed by more than one person and these people are in different geographical locations.

I am thinking of using digital certificates to sign PDFs but this causes me another problem. Certificates are issued in the name of the Organization, not of the employee who signs. Buying (and processing) the generation of a certificate with legal validity for each employee will take time and money so my question is the following:

Is it possible to generate new certificates for each employee (with legal validity) using our institutional certificate as root certificate?

Generate CSRF token in SPA

I’m extremely confused on the topic of generating a session long CSRF token on a single page application using React.

It looks like the convention is to have the server generate the CSRF token on log in, and embed the token on the login form.

However in single page applications, it’s not so simple.

What is the best method for applications using React and Angular, to retrieve the CSRF token from the backend? Is retrieving the token from just calling an API endpoint safe?
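The usual SPA pattern, as an added example that is not from the question: after login the app calls an endpoint (assumed here to be GET /api/csrf) with its session cookie, keeps the returned token in memory and sends it in an X-CSRF-Token header on every state-changing request; the server derives the token from the session with an HMAC so it needs no extra storage. Fetching it from an endpoint is safe because a cross-origin page cannot read that response under the same-origin policy (as long as the endpoint does not enable credentialed CORS for other origins), and a forged form post cannot carry a custom header. The secret, endpoint path and header name are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed: a server-side secret that never reaches the browser.
CSRF_KEY = b"constructed-server-secret-replace-me"


def new_session_id():
    """Value of the session cookie set at login (HttpOnly; Secure; SameSite=Lax or Strict)."""
    return secrets.token_urlsafe(32)


def issue_csrf_token(session_id):
    """Handler for the assumed GET /api/csrf endpoint: the token is an HMAC of the
    session id, so it is bound to this session and needs no server-side state."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def state_change_allowed(cookie_session_id, header_token):
    """Server-side check before any POST/PUT/DELETE: the X-CSRF-Token header must match
    the token derived from the session cookie that arrived with the same request."""
    if not cookie_session_id or not header_token:
        return False
    return hmac.compare_digest(issue_csrf_token(cookie_session_id), header_token)


def spa_request_flow():
    """Same-origin React/Angular app: fetch the token once, then send it as a header."""
    session = new_session_id()
    token = issue_csrf_token(session)  # what the SPA's GET /api/csrf returned for its cookie
    return state_change_allowed(session, token)


def cross_site_request_flow():
    """Forged request from another origin: the browser may attach the victim's cookie, but
    the attacker page cannot read the victim's token, so the best it can do is send no
    header or a token for its own session; both are rejected."""
    victim_session = new_session_id()
    attacker_session = new_session_id()
    no_header = state_change_allowed(victim_session, None)
    wrong_session = state_change_allowed(victim_session, issue_csrf_token(attacker_session))
    return no_header or wrong_session
```

Keep the token in JavaScript memory (or a non-HttpOnly cookie the app reads, the double-submit variant) rather than in localStorage, and rotate it by rotating the session id at login.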

How likely is it for a pseudorandom number generator to generate a long sequence of similar numbers?

How likely is it for a pseudorandom number generator to generate a long sequence of similar numbers? “Similar numbers” could be the same numbers, or numbers from a given range.

For example, if we consider a PRNG algorithm being a simple counter counting from 0 to MAX, the distribution is uniform and there's a guarantee of not repeating numbers in a sequence. So, not repeating numbers does not break uniformity. But probably it breaks randomness, does it? To what extent? If so, does it mean that the better the algorithm, the less guarantee we have of not generating similar numbers in sequence?

I'm particularly interested in answers regarding the Mersenne Twister, as the most popular PRNG in programming language implementations. It'd also be great to know how things are in operating systems' crypto-secure PRNGs – Yarrow (macOS), Fortuna (FreeBSD) or ChaCha20 (Linux).
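An added worked calculation (not from the question): for a generator whose outputs are independent and uniform, the probability that a window of k consecutive values all land in a sub-range covering a fraction p of the output space is simply p^k, so over n draws about (n-k+1)·p^k such windows are expected. The code compares that expectation against the question's counter (which by construction never shows a run of equal values) and against CPython's random.Random, which is a Mersenne Twister; the seed, modulus and run length are arbitrary choices for the demo.

```python
import random


def run_probability(range_fraction, run_length):
    """Probability that run_length consecutive independent uniform draws all fall
    inside a sub-range covering range_fraction of the generator's output space."""
    return range_fraction ** run_length


def expected_runs(range_fraction, run_length, n_draws):
    """Expected number of window positions (overlapping) whose run_length values all land in the sub-range."""
    windows = max(0, n_draws - run_length + 1)
    return windows * run_probability(range_fraction, run_length)


def count_runs(values, in_range, run_length):
    """Count overlapping windows of run_length consecutive values that all satisfy in_range."""
    count = 0
    for i in range(len(values) - run_length + 1):
        if all(in_range(v) for v in values[i:i + run_length]):
            count += 1
    return count


def counter_sequence(n_draws, modulus):
    """The question's 'simple counter' PRNG: uniform over 0..modulus-1 but never repeats a value."""
    return [i % modulus for i in range(n_draws)]


def mersenne_sequence(n_draws, modulus, seed=1):
    """CPython's random.Random is a Mersenne Twister; the fixed seed only makes the demo reproducible."""
    rng = random.Random(seed)
    return [rng.randrange(modulus) for _ in range(n_draws)]


def compare(n_draws=100_000, modulus=10, run_length=4, seed=1):
    """Runs of run_length equal values (all zero) observed for each generator, next to the
    expectation for a source of independent uniform values."""
    is_zero = lambda v: v == 0
    return {
        "expected_random": expected_runs(1 / modulus, run_length, n_draws),
        "counter": count_runs(counter_sequence(n_draws, modulus), is_zero, run_length),
        "mersenne": count_runs(mersenne_sequence(n_draws, modulus, seed), is_zero, run_length),
    }


if __name__ == "__main__":
    print(compare())
```

The counter scores zero because consecutive outputs are perfectly correlated, which is exactly what makes it predictable; a good PRNG or CSPRNG is meant to be indistinguishable from the independent-uniform model, so it should produce runs at the p^k rate, neither more nor fewer.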

Use archive template for CPT but not generate URLs for post items

I need to be able to use the archive template for a custom post type but at the same time prevent URLs from being created for the “posts” that are created, while keeping the posts publicly visible.

I created the proper archive template and that works just fine, and the slug for the archive works great, but when I set rewrite to false I get a 404 error on the archive page. So it appears that method won't do. I could always create a page and query the posts in a page template, but I would prefer not to.

So is there a way to use the archive template but also keep WordPress from creating URLs for the “posts” I create?

Below is the code I’m using to generate the CPT.

    function cptui_register_my_cpts_multi_fam_prop() {

        /**
         * Post Type: Multi-Family Properties .
         */

        $labels = array(
            "name" => __( "Properties ", "custom-post-type-ui" ),
            "singular_name" => __( "Property", "custom-post-type-ui" ),
        );

        $args = array(
            "label" => __( "Properties ", "custom-post-type-ui" ),
            "labels" => $labels,
            "description" => "",
            "public" => true,
            "publicly_queryable" => true,
            "show_ui" => true,
            "delete_with_user" => false,
            "show_in_rest" => true,
            "rest_base" => "",
            "rest_controller_class" => "WP_REST_Posts_Controller",
            "has_archive" => "multi-family-management/properties",
            "show_in_menu" => "mf-menu",
            "show_in_nav_menus" => true,
            "exclude_from_search" => true,
            "capability_type" => "post",
            "map_meta_cap" => true,
            "hierarchical" => false,
            "rewrite" => false,
            "query_var" => true,
            "supports" => array( "title", "editor", "thumbnail" ),
        );

        register_post_type( "multi_fam_prop", $args );
    }

    add_action( 'init', 'cptui_register_my_cpts_multi_fam_prop' );

First time posting here, so school me up if I’m missing anything.