Age | Commit message | Author | |
---|---|---|---|
2024-08-02 | fix: use json to support parsing oauth2 requests | John Nduli | |
The local sign in request used by gn2 uses json. However, the default parsing assumes form data, see <https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_oauth2/authorization_server.py#L72> and <https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_helpers.py#L5>. We create a custom Authorization server that defaults to `use_json=True` when creating the oauth request object. | |||
2024-07-31 | Validate JWTs against all existing JWKs. | Frederick Muriuki Muriithi | |
2024-07-31 | Remove obsoleted SSL_PRIVATE_KEY configuration | Frederick Muriuki Muriithi | |
With the key rotation in place, eliminate the use of the SSL_PRIVATE_KEY configuration which pointed to a specific non-changing JWK. | |||
2024-07-31 | Update datetime references on changed import. | Frederick Muriuki Muriithi | |
2024-07-31 | Retrieve newest JWK, creating a new JWK where necessary. | Frederick Muriuki Muriithi | |
To help with key rotation, we fetch the latest key, creating a new JWK in any of the following 2 conditions: (1) there is no JWK in the first place; (2) the "newest" key is older than a specified number of days. | |||
2024-05-13 | Fix myriad of linting errors | Frederick Muriuki Muriithi | |
These linting errors can't be rebased into the newer commits. | |||
2024-05-13 | Link old refresh token to newly issued refresh token | Frederick Muriuki Muriithi | |
We need to track the "lineage" of refresh tokens in order to detect possible stolen tokens and mitigate damage. | |||
2024-05-13 | Register the RefreshTokenGrant with the server | Frederick Muriuki Muriithi | |
Register the RefreshTokenGrant with the server to enable refreshing of the tokens. | |||
2024-05-13 | Save refresh token when it is generated. | Frederick Muriuki Muriithi | |
2024-05-13 | Save token with same ID as JWT's "jti" value. | Frederick Muriuki Muriithi | |
2024-04-22 | Separate clients' keys from authorisation server's key | Frederick Muriuki Muriithi | |
The authorisation server uses its key to sign any token it generates. It uses the clients' public keys to validate any assertions it receives from a client using the client's public key. | |||
2024-04-20 | Setup token validators at app initialisation. | Frederick Muriuki Muriithi | |
2024-04-20 | Define and register grant for JWT tokens. | Frederick Muriuki Muriithi | |
2024-03-21 | Delete commented out import. | Munyoki Kilyungi | |
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | |||
2024-03-13 | Rename "the_client" to "_client". | Munyoki Kilyungi | |
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | |||
2023-08-07 | Change imports to new unified db module. | Frederick Muriuki Muriithi | |
2023-08-07 | Update module name/path | Frederick Muriuki Muriithi | |
Change from gn3 to gn_auth | |||
2023-08-04 | Copy over files from GN3 repository. | Frederick Muriuki Muriithi | |