authorFrederick Muriuki Muriithi2024-07-18 12:18:34 -0500
committerFrederick Muriuki Muriithi2024-07-18 12:21:42 -0500
commit0a748d6e87f4eecd95a3d6dc89b759a82210b6d6 (patch)
tree61f7cc6f6726651428eeb7ebba34fedd38bdf7c0
parenteffe7065eba87579551d86f306eba830f9cc8d6f (diff)
downloadgn-auth-0a748d6e87f4eecd95a3d6dc89b759a82210b6d6.tar.gz
List any/all existing JWKs
List any/all existing JWKs that the server currently supports.
-rw-r--r--gn_auth/auth/authentication/oauth2/views.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/gn_auth/auth/authentication/oauth2/views.py b/gn_auth/auth/authentication/oauth2/views.py
index 22437a2..679eace 100644
--- a/gn_auth/auth/authentication/oauth2/views.py
+++ b/gn_auth/auth/authentication/oauth2/views.py
@@ -1,6 +1,7 @@
"""Endpoints for the oauth2 server"""
import uuid
import traceback
+from pathlib import Path
from urllib.parse import urlparse
from authlib.oauth2.rfc6749.errors import InvalidClientError
@@ -9,6 +10,7 @@ from flask import (
flash,
request,
url_for,
+ jsonify,
redirect,
Response,
Blueprint,
@@ -17,6 +19,7 @@ from flask import (
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.db.sqlite3 import with_db_connection
+from gn_auth.auth.jwks import jwks_directory, list_jwks
from gn_auth.auth.errors import NotFoundError, ForbiddenAccess
from gn_auth.auth.authentication.users import valid_login, user_by_email
@@ -116,3 +119,14 @@ def introspect_token() -> Response:
IntrospectionEndpoint.ENDPOINT_NAME)
raise ForbiddenAccess("You cannot access this endpoint")
+
+
+@auth.route("/public-jwks", methods=["GET"])
+def public_jwks():
+ """Provide the JWK public keys used by this application."""
+ return jsonify({
+ "documentation": (
+ "The keys are listed in order of creation, from the oldest (first) "
+ "to the newest (last)."),
+ "jwks": tuple(key.as_dict() for key in list_jwks(jwks_directory(
+ Path(app.config["GN_AUTH_SECRETS"]).parent)))})
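Review bot: In `public_jwks` the only thing keeping private key parameters out of this unauthenticated response is the default behaviour of `key.as_dict()`, and the keys are read from a directory next to the `GN_AUTH_SECRETS` file, so they are presumably the server's signing key pairs. `list_jwks` is not visible in this diff; if it returns authlib key objects, pass the flag explicitly, `key.as_dict(is_private=False)`, so a later change of key type or default cannot start publishing private material, and add a test asserting that no `d`, `p` or `q` member appears in the response. Separately, RFC 7517 names the JWK Set array `keys`, so standard JWKS clients will find nothing under `jwks`; adding a `"keys"` member holding the same tuple would serve both kinds of consumer. The function also lacks the `-> Response` annotation that `introspect_token` just above it carries.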