diff options
author | Frederick Muriuki Muriithi | 2024-07-18 16:43:17 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-07-31 09:30:20 -0500 |
commit | 945c70b238ec3cc31613b3c17d5ad57c5a2eedee (patch) | |
tree | dbcf10f72959259f55e1f62534635e9c1c3dab2f /gn_auth/settings.py | |
parent | 284b5baaffdd26599224d9c69ecd8f202b7277cb (diff) | |
download | gn-auth-945c70b238ec3cc31613b3c17d5ad57c5a2eedee.tar.gz |
Retrieve newest JWK, creating a new JWK where necessary.
To help with key rotation, we fetch the latest key, creating a new JWK
in any of the following 2 conditions:
* There is no JWK in the first place
* The "newest" key is older than a specified number of days
Diffstat (limited to 'gn_auth/settings.py')
-rw-r--r-- | gn_auth/settings.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/gn_auth/settings.py b/gn_auth/settings.py index 7dc0105..ab6b079 100644 --- a/gn_auth/settings.py +++ b/gn_auth/settings.py @@ -32,6 +32,8 @@ CORS_HEADERS = [ # OpenSSL keys CLIENTS_SSL_PUBLIC_KEYS_DIR = "" # clients' public keys' directory SSL_PRIVATE_KEY = "" # authorisation server primary key +JWKS_ROTATION_AGE_DAYS = 7 # Days (from creation) to keep a JWK in use. +JWKS_DELETION_AGE_DAYS = 14 # Days (from creation) to keep a JWK around before deleting it. ## Email SMTP_HOST = "smtp.genenetwork.org" # does not actually exist right now |