Age | Commit message | Author |
|
We have a similar jwk module in gn2 that does similar functionality.
Moving the newest_jwk_with_rotation function to the module ensures
that there's some consistency between both modules so that when we
ever want to remove the duplication (e.g. by creating some python pip
package) it's easier.
|
The local sign in request used by gn2 uses json. However, the default
parsing assumes form data, see:
- https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_oauth2/authorization_server.py#L72
- https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_helpers.py#L5
We create a custom Authorization server that defaults to `use_json=True`
when creating the oauth request object.
|
With the key rotation in place, eliminate the use of the
SSL_PRIVATE_KEY configuration which pointed to a specific non-changing
JWK.
|
To help with key rotation, we fetch the latest key, creating a new JWK
in any of the following 2 conditions:
* There is no JWK in the first place
* The "newest" key is older than a specified number of days
|
These linting errors can't be rebased into the newer commits.
|
We need to track the "lineage" of refresh tokens in order to detect
possible stolen tokens and mitigate damage.
|
Register the RefreshTokenGrant with the server to enable refreshing of
the tokens.
|
The authorisation server uses its key to sign any token it generates.
It uses the clients' public keys to validate any assertions it
receives from a client using the client's public key.
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
Change from gn3 to gn_auth
|