diff options
author | Frederick Muriuki Muriithi | 2024-07-18 12:18:34 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-07-18 12:21:42 -0500 |
commit | 0a748d6e87f4eecd95a3d6dc89b759a82210b6d6 (patch) | |
tree | 61f7cc6f6726651428eeb7ebba34fedd38bdf7c0 | |
parent | effe7065eba87579551d86f306eba830f9cc8d6f (diff) | |
download | gn-auth-0a748d6e87f4eecd95a3d6dc89b759a82210b6d6.tar.gz |
List any/all existing JWKs
List any/all existing JWKs that the server currently supports.
-rw-r--r-- | gn_auth/auth/authentication/oauth2/views.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/gn_auth/auth/authentication/oauth2/views.py b/gn_auth/auth/authentication/oauth2/views.py index 22437a2..679eace 100644 --- a/gn_auth/auth/authentication/oauth2/views.py +++ b/gn_auth/auth/authentication/oauth2/views.py @@ -1,6 +1,7 @@ """Endpoints for the oauth2 server""" import uuid import traceback +from pathlib import Path from urllib.parse import urlparse from authlib.oauth2.rfc6749.errors import InvalidClientError @@ -9,6 +10,7 @@ from flask import ( flash, request, url_for, + jsonify, redirect, Response, Blueprint, @@ -17,6 +19,7 @@ from flask import ( from gn_auth.auth.db import sqlite3 as db from gn_auth.auth.db.sqlite3 import with_db_connection +from gn_auth.auth.jwks import jwks_directory, list_jwks from gn_auth.auth.errors import NotFoundError, ForbiddenAccess from gn_auth.auth.authentication.users import valid_login, user_by_email @@ -116,3 +119,14 @@ def introspect_token() -> Response: IntrospectionEndpoint.ENDPOINT_NAME) raise ForbiddenAccess("You cannot access this endpoint") + + +@auth.route("/public-jwks", methods=["GET"]) +def public_jwks(): + """Provide the JWK public keys used by this application.""" + return jsonify({ + "documentation": ( + "The keys are listed in order of creation, from the oldest (first) " + "to the newest (last)."), + "jwks": tuple(key.as_dict() for key in list_jwks(jwks_directory( + Path(app.config["GN_AUTH_SECRETS"]).parent)))}) |