aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authentication/oauth2/server.py
AgeCommit message (Collapse)Author
2024-08-02fix: use json to support parsing oauth2 requestsJohn Nduli
The local sign in request used by gn2 uses json. However, the default parsing assumes form data, see: - https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_oauth2/authorization_server.py#L72 - https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_helpers.py#L5 We create a custom Authorization server that defaults to `use_json=True` when creating the oauth request object
2024-07-31Validate JWTs against all existing JWKs.Frederick Muriuki Muriithi
2024-07-31Remove obsoleted SSL_PRIVATE_KEY configurationFrederick Muriuki Muriithi
With the key rotation in place, eliminate the use of the SSL_PRIVATE_KEY configuration which pointed to a specific non-changing JWK.
2024-07-31Update datetime references on changed import.Frederick Muriuki Muriithi
2024-07-31Retrieve newest JWK, creating a new JWK where necessary.Frederick Muriuki Muriithi
To help with key rotation, we fetch the latest key, creating a new JWK in any of the following 2 conditions: * There is no JWK in the first place * The "newest" key is older than a specified number of days
2024-05-13Fix myriad of linting errorFrederick Muriuki Muriithi
These linting errors can't be rebased into the newer commits.
2024-05-13Link old refresh token to newly issued refresh tokenFrederick Muriuki Muriithi
We need to track the "lineage" of refresh tokens in order to detect possible stolen tokens and mitigate damage.
2024-05-13Register the RefreshTokenGrant with the serverFrederick Muriuki Muriithi
Register the RefreshTokenGrant with the server to enable refreshing of the tokens.
2024-05-13Save refresh token when it is generated.Frederick Muriuki Muriithi
2024-05-13Save token with same ID as JWT's "jti" value.Frederick Muriuki Muriithi
2024-04-22Separate clients' keys from authorisation server's keyFrederick Muriuki Muriithi
The authorisation server uses its key to sign any token it generates. It uses the clients' public keys to validate any assertions it receives from a client using the client's public key.
2024-04-20Setup token validators at app initialisation.Frederick Muriuki Muriithi
2024-04-20Define and register grant for JWT tokens.Frederick Muriuki Muriithi
2024-03-21Delete commented out import.Munyoki Kilyungi
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Rename "the_client" to "_client".Munyoki Kilyungi
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2023-08-07Change imports to new unified db module.Frederick Muriuki Muriithi
2023-08-07Update module name/pathFrederick Muriuki Muriithi
Change from gn3 to gn_auth
2023-08-04Copy over files from GN3 repository.Frederick Muriuki Muriithi