aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authentication/oauth2
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-07-18 16:54:07 -0500
committerFrederick Muriuki Muriithi2024-07-31 09:30:21 -0500
commit8a3a16f25f6d87b6cf679c888eacba816415baa9 (patch)
tree7331f7c89ada5074a798c7fed923b9c8ab052498 /gn_auth/auth/authentication/oauth2
parentddb2b6804672c982568be891b35a5352cc6263b0 (diff)
downloadgn-auth-8a3a16f25f6d87b6cf679c888eacba816415baa9.tar.gz
Remove obsoleted SSL_PRIVATE_KEY configuration
With the key rotation in place, eliminate the use of the SSL_PRIVATE_KEY configuration which pointed to a specific non-changing JWK.
Diffstat (limited to 'gn_auth/auth/authentication/oauth2')
-rw-r--r--gn_auth/auth/authentication/oauth2/server.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py
index 6ed3c86..5806da6 100644
--- a/gn_auth/auth/authentication/oauth2/server.py
+++ b/gn_auth/auth/authentication/oauth2/server.py
@@ -50,10 +50,14 @@ def create_query_client_func() -> Callable:
return __query_client__
-def create_save_token_func(token_model: type, jwtkey: jwk) -> Callable:
+def create_save_token_func(token_model: type, app: Flask) -> Callable:
"""Create the function that saves the token."""
def __save_token__(token, request):
- _jwt = jwt.decode(token["access_token"], jwtkey)
+ _jwt = jwt.decode(
+ token["access_token"],
+ newest_jwk_with_rotation(
+ jwks_directory(app),
+ int(app.config["JWKS_ROTATION_AGE_DAYS"])))
_token = token_model(
token_id=uuid.UUID(_jwt["jti"]),
client=request.client,
@@ -156,8 +160,7 @@ def setup_oauth2_server(app: Flask) -> None:
server.init_app(
app,
query_client=create_query_client_func(),
- save_token=create_save_token_func(
- OAuth2Token, app.config["SSL_PRIVATE_KEY"]))
+ save_token=create_save_token_func(OAuth2Token, app))
app.config["OAUTH2_SERVER"] = server
## Set up the token validators