Add support for key rotation / change for providers #35
Description
We should add a way for providers to regularly rotate / change their key pairs. This can e.g. be done as follows:
- A provider marks a key pair as
inactive. - The API will no longer distribute appointments from the provider with the inactive key pair, but appointment details will still be available for users as well as the provider.
- The provider creates a new key pair and submits it to the backend for review.
- A mediator signs the new key pair and provider data but marks it as
initializing. - The provider app re-publishes all appointments using the new key pair, including the re-keyed booking data.
- The provider app asks the backend to set the key pair status to
active.
This process will still need some adjustments as it will break some functionality for the user app e.g. when checking the status of an appointment. It might be necessary to either re-add an independent provider ID (currently we use the hash of the public signing key) or link public keys via a data structure in the backend (i.e. when asking for a given provider ID for a public key the endpoint checks a link table and return the currently active provider ID).