aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-07-19 10:15:53 -0500
committerFrederick Muriuki Muriithi2024-07-31 09:30:23 -0500
commite18deccab2b891cf7de75690b1054360243b139d (patch)
tree0fb816f171d4e5a5f04e8f1e18d09dcace6190d9
parent6510dd5175b84c9780dda2fe0d8869efaeb2404b (diff)
downloadgn-auth-e18deccab2b891cf7de75690b1054360243b139d.tar.gz
Remove the `CLIENTS_SSL_PUBLIC_KEYS_DIR` configuration
Moving forward, each client will advertise it's current JWKs at a known endpoint, and we'll use those, rather than having a configuration that requires manual update of the certificates. This will make it easier to implement key rotation on the clients too.
-rw-r--r--gn_auth/__init__.py17
-rw-r--r--gn_auth/settings.py3
2 files changed, 2 insertions, 18 deletions
diff --git a/gn_auth/__init__.py b/gn_auth/__init__.py
index ee7ceb1..973110a 100644
--- a/gn_auth/__init__.py
+++ b/gn_auth/__init__.py
@@ -24,7 +24,7 @@ def check_mandatory_settings(app: Flask) -> None:
undefined = tuple(
setting for setting in (
"SECRET_KEY", "SQL_URI", "AUTH_DB", "AUTH_MIGRATIONS",
- "OAUTH2_SCOPE", "CLIENTS_SSL_PUBLIC_KEYS_DIR")
+ "OAUTH2_SCOPE")
if not ((setting in app.config) and bool(app.config[setting])))
if len(undefined) > 0:
raise ConfigurationError(
@@ -51,20 +51,6 @@ def load_secrets_conf(app: Flask) -> None:
app.config.from_pyfile(secretsfile)
-def parse_ssl_keys(app):
- """Parse the SSL keys."""
- def __parse_key__(keypath: Path) -> JsonWebKey:
- with open(keypath) as _sslkey:# pylint: disable=[unspecified-encoding]
- return JsonWebKey.import_key(_sslkey.read())
-
- key_storage_dir = Path(app.config["CLIENTS_SSL_PUBLIC_KEYS_DIR"])
- key_storage_dir.mkdir(exist_ok=True)
- app.config["SSL_PUBLIC_KEYS"] = {
- _key.as_dict()["kid"]: _key for _key in (
- __parse_key__(Path(key_storage_dir).joinpath(key))
- for key in os.listdir(key_storage_dir))}
-
-
def create_app(
config: Optional[dict] = None,
setup_logging: Callable[[Flask], None] = lambda appl: None
@@ -83,7 +69,6 @@ def create_app(
override_settings_with_envvars(app)
load_secrets_conf(app)
- parse_ssl_keys(app)
# ====== END: Setup configuration ======
setup_logging(app)
diff --git a/gn_auth/settings.py b/gn_auth/settings.py
index e9bfe23..6015560 100644
--- a/gn_auth/settings.py
+++ b/gn_auth/settings.py
@@ -32,8 +32,7 @@ CORS_HEADERS = [
"Access-Control-Allow-Credentials"
]
-# OpenSSL keys
-CLIENTS_SSL_PUBLIC_KEYS_DIR = "" # clients' public keys' directory
+# JSON Web Keys (JWKs)
JWKS_ROTATION_AGE_DAYS = 7 # Days (from creation) to keep a JWK in use.
JWKS_DELETION_AGE_DAYS = 14 # Days (from creation) to keep a JWK around before deleting it.