aboutsummaryrefslogtreecommitdiff
path: root/gn_auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth')
-rw-r--r--gn_auth/auth/authentication/oauth2/server.py19
-rw-r--r--gn_auth/auth/jwks.py17
2 files changed, 18 insertions, 18 deletions
diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py
index ba5abe8..7b65c8e 100644
--- a/gn_auth/auth/authentication/oauth2/server.py
+++ b/gn_auth/auth/authentication/oauth2/server.py
@@ -15,7 +15,7 @@ from authlib.integrations.flask_helpers import create_oauth_request
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.jwks import (
- list_jwks, newest_jwk, jwks_directory, generate_and_save_private_key)
+ list_jwks, newest_jwk_with_rotation, jwks_directory, generate_and_save_private_key)
from .models.oauth2client import client as fetch_client
from .models.oauth2token import OAuth2Token, save_token
@@ -96,23 +96,6 @@ def create_save_token_func(token_model: type, app: Flask) -> Callable:
return __save_token__
-def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey:
- """
- Retrieve the latests JWK, creating a new one if older than `keyage` days.
- """
- def newer_than_days(jwkey):
- filestat = os.stat(Path(
- jwksdir, f"{jwkey.as_dict()['kid']}.private.pem"))
- oldesttimeallowed = (datetime.now() - timedelta(days=keyage))
- if filestat.st_ctime < (oldesttimeallowed.timestamp()):
- return Left("JWK is too old!")
- return jwkey
-
- return newest_jwk(jwksdir).then(newer_than_days).either(
- lambda _errmsg: generate_and_save_private_key(jwksdir),
- lambda key: key)
-
-
def make_jwt_token_generator(app):
"""Make token generator function."""
def __generator__(# pylint: disable=[too-many-arguments]
diff --git a/gn_auth/auth/jwks.py b/gn_auth/auth/jwks.py
index 1352b95..810a162 100644
--- a/gn_auth/auth/jwks.py
+++ b/gn_auth/auth/jwks.py
@@ -67,3 +67,20 @@ def newest_jwk(storagedir: Path) -> Either:
if len(existingkeys) > 0:
return Right(pem_to_jwk(existingkeys[-1][1]))
return Left("No JWKs exist")
+
+
+def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey:
+ """
+ Retrieve the latests JWK, creating a new one if older than `keyage` days.
+ """
+ def newer_than_days(jwkey):
+ filestat = os.stat(Path(
+ jwksdir, f"{jwkey.as_dict()['kid']}.private.pem"))
+ oldesttimeallowed = (datetime.now() - timedelta(days=keyage))
+ if filestat.st_ctime < (oldesttimeallowed.timestamp()):
+ return Left("JWK is too old!")
+ return jwkey
+
+ return newest_jwk(jwksdir).then(newer_than_days).either(
+ lambda _errmsg: generate_and_save_private_key(jwksdir),
+ lambda key: key)