authorFrederick Muriuki Muriithi2024-04-22 12:25:32 +0300
committerFrederick Muriuki Muriithi2024-04-23 11:49:09 +0300
commit062c78f4358deecdf80403baffbc76ab8b6185fb (patch)
tree95ba61f8db64241240abfe0c3048ad87043a190f /gn2/wqflask/oauth2
parent70880f8ab3418a147d0577b2af1f813492a0c68b (diff)
downloadgenenetwork2-062c78f4358deecdf80403baffbc76ab8b6185fb.tar.gz
Separate the auth server's public key from app's private key
* Use the app's private key to sign the initial assertions used for
  retrieving an authorisation token from the auth server.
* Use the auth server's public key to validate the authorisation tokens
  obtained from the auth server.
Diffstat (limited to 'gn2/wqflask/oauth2')
-rw-r--r--gn2/wqflask/oauth2/toplevel.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/gn2/wqflask/oauth2/toplevel.py b/gn2/wqflask/oauth2/toplevel.py
index bc32e80e..a1e9196d 100644
--- a/gn2/wqflask/oauth2/toplevel.py
+++ b/gn2/wqflask/oauth2/toplevel.py
@@ -46,7 +46,7 @@ def authorisation_code():
     code = request.args.get("code", "")
     if bool(code):
         base_url = urlparse(request.base_url, scheme=request.scheme)
-        jwtkey = app.config["JWT_PRIVATE_KEY"]
+        jwtkey = app.config["SSL_PRIVATE_KEY"]
         issued = datetime.datetime.now()
         request_data = {
             "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
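Review bot: The assertion is now signed with whatever sits under `SSL_PRIVATE_KEY`, and that config name reads as the TLS server key rather than a JWT signing key; if it is the same key material that terminates TLS, this is cross-protocol key reuse, which is generally avoided so that a compromise or rotation of one does not affect the other. If the value is in fact a dedicated signing key, a comment on the new line would stop the next reader from drawing the wrong conclusion, e.g. `jwtkey = app.config["SSL_PRIVATE_KEY"]  # app's JWT signing key, not the TLS key`. The enclosing authorisation_code() starts before this hunk and continues past it.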
@@ -56,7 +56,10 @@ def authorisation_code():
                 urlunparse(base_url),
                 url_for("oauth2.toplevel.authorisation_code")),
             "assertion": jwt.encode(
-                header={"alg": "RS256", "typ": "jwt", "kid": jwtkey.kid},
+                header={
+                    "alg": "RS256",
+                    "typ": "jwt",
+                    "kid": jwtkey.as_dict()["kid"]},
                 payload={
                     "iss": str(oauth2_clientid()),
                     "sub": request.args["user_id"],
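Review bot: The `kid` is now read by serialising the whole key with `jwtkey.as_dict()`, which for a private key typically renders the private JWK components into a throwaway dict on every request just to pick one header field; the previous `jwtkey.kid` attribute access did not do that. Whether the JWK library in use offers a public-only export or a direct `kid` accessor is not visible here, but either would be preferable to a full private export, and `as_dict()["kid"]` will also raise a bare `KeyError` if the configured key was loaded without a `kid`, so the failure mode for a misconfigured key is worth a short comment. The enclosing authorisation_code() starts before this hunk and continues past it.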