diff options
| author | Frederick Muriuki Muriithi | 2024-07-18 16:43:17 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2024-07-31 09:30:20 -0500 |
| commit | 945c70b238ec3cc31613b3c17d5ad57c5a2eedee (patch) | |
| tree | dbcf10f72959259f55e1f62534635e9c1c3dab2f /gn_auth/settings.py | |
| parent | 284b5baaffdd26599224d9c69ecd8f202b7277cb (diff) | |
| download | gn-auth-945c70b238ec3cc31613b3c17d5ad57c5a2eedee.tar.gz | |
Retrieve newest JWK, creating a new JWK where necessary.
To help with key rotation, we fetch the latest key, creating a new JWK in any of the following 2 conditions: * There is no JWK in the first place * The "newest" key is older than a specified number of days
Diffstat (limited to 'gn_auth/settings.py')
| -rw-r--r-- | gn_auth/settings.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/gn_auth/settings.py b/gn_auth/settings.py index 7dc0105..ab6b079 100644 --- a/gn_auth/settings.py +++ b/gn_auth/settings.py @@ -32,6 +32,8 @@ CORS_HEADERS = [ # OpenSSL keys CLIENTS_SSL_PUBLIC_KEYS_DIR = "" # clients' public keys' directory SSL_PRIVATE_KEY = "" # authorisation server primary key +JWKS_ROTATION_AGE_DAYS = 7 # Days (from creation) to keep a JWK in use. +JWKS_DELETION_AGE_DAYS = 14 # Days (from creation) to keep a JWK around before deleting it. ## Email SMTP_HOST = "smtp.genenetwork.org" # does not actually exist right now |
