aboutsummaryrefslogtreecommitdiff
path: root/gn2/wqflask/oauth2
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-08-01 12:33:12 -0500
committerFrederick Muriuki Muriithi2024-08-01 15:02:17 -0500
commitc9063f5bde9a6163958a635b301d20a6323c874f (patch)
treea88f636f04e3f7398e0d5bdff43bf99869242e51 /gn2/wqflask/oauth2
parent20933e55de7927063dd159d116b468b4724a19a8 (diff)
downloadgenenetwork2-c9063f5bde9a6163958a635b301d20a6323c874f.tar.gz
Use auto-created and auto-rotated JSON Web Keys
Use auto-created JWKs for better security.
Diffstat (limited to 'gn2/wqflask/oauth2')
-rw-r--r--gn2/wqflask/oauth2/toplevel.py10
1 files changed, 7 insertions, 3 deletions
diff --git a/gn2/wqflask/oauth2/toplevel.py b/gn2/wqflask/oauth2/toplevel.py
index 210b0756..7ee0773d 100644
--- a/gn2/wqflask/oauth2/toplevel.py
+++ b/gn2/wqflask/oauth2/toplevel.py
@@ -13,6 +13,7 @@ from flask import (flash,
render_template,
current_app as app)
+from . import jwks
from . import session
from .checks import require_oauth2
from .request_utils import user_details, process_error
@@ -34,7 +35,9 @@ def authorisation_code():
code = request.args.get("code", "")
if bool(code):
base_url = urlparse(request.base_url, scheme=request.scheme)
- jwtkey = app.config["SSL_PRIVATE_KEY"]
+ jwtkey = jwks.newest_jwk_with_rotation(
+ jwks.jwks_directory(app, "GN2_SECRETS"),
+ int(app.config["JWKS_ROTATION_AGE_DAYS"]))
issued = datetime.datetime.now()
request_data = {
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
@@ -81,7 +84,7 @@ def authorisation_code():
return redirect("/")
return no_token_post(
- "auth/token", json=request_data).either(
+ "auth/token", data=request_data).either(
lambda err: __error__(process_error(err)), __success__)
flash("AuthorisationError: No code was provided.", "alert-danger")
return redirect("/")
@@ -92,5 +95,6 @@ def public_jwks():
"""Provide endpoint that returns the public keys."""
return jsonify({
"documentation": "Returns a static key for the time being. This will change.",
- "jwks": KeySet([app.config["SSL_PRIVATE_KEY"]]).as_dict().get("keys")
+ "jwks": KeySet(jwks.list_jwks(
+ jwks.jwks_directory(app, "GN2_SECRETS"))).as_dict().get("keys")
})