authorFrederick Muriuki Muriithi2024-07-18 16:43:17 -0500
committerFrederick Muriuki Muriithi2024-07-31 09:30:20 -0500
commit945c70b238ec3cc31613b3c17d5ad57c5a2eedee (patch)
treedbcf10f72959259f55e1f62534635e9c1c3dab2f /gn_auth/settings.py
parent284b5baaffdd26599224d9c69ecd8f202b7277cb (diff)
downloadgn-auth-945c70b238ec3cc31613b3c17d5ad57c5a2eedee.tar.gz
Retrieve newest JWK, creating a new JWK where necessary.
To help with key rotation, we fetch the latest key, creating a new JWK under either of the following 2 conditions:
* There is no JWK in the first place
* The "newest" key is older than a specified number of days
Diffstat (limited to 'gn_auth/settings.py')
-rw-r--r--gn_auth/settings.py2
1 files changed, 2 insertions, 0 deletions
diff --git a/gn_auth/settings.py b/gn_auth/settings.py
index 7dc0105..ab6b079 100644
--- a/gn_auth/settings.py
+++ b/gn_auth/settings.py
@@ -32,6 +32,8 @@ CORS_HEADERS = [
# OpenSSL keys
CLIENTS_SSL_PUBLIC_KEYS_DIR = "" # clients' public keys' directory
SSL_PRIVATE_KEY = "" # authorisation server primary key
+JWKS_ROTATION_AGE_DAYS = 7 # Days (from creation) to keep a JWK in use.
+JWKS_DELETION_AGE_DAYS = 14 # Days (from creation) to keep a JWK around before deleting it.
## Email
SMTP_HOST = "smtp.genenetwork.org" # does not actually exist right now
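Review bot: Nothing in the two added settings ties `JWKS_DELETION_AGE_DAYS` to `JWKS_ROTATION_AGE_DAYS`, although both are counted from key creation. With these defaults a key that stops being the newest at day 7 remains available for only 7 more days, so any token signed just before rotation would presumably stop verifying if its lifetime is longer than that difference; the token lifetime is not visible in this hunk. I would state the constraint next to the value, e.g. `# Must exceed JWKS_ROTATION_AGE_DAYS by at least the longest token lifetime.`, and reword the first comment to say the key is used for signing new tokens for that many days. A deployment that overrides one value but not the other can invert the ordering, so a startup check that rejects `JWKS_DELETION_AGE_DAYS <= JWKS_ROTATION_AGE_DAYS` belongs wherever these settings are loaded, which is outside this diff.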