| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-08-15 | Fix a bunch of linting errors. | Frederick Muriuki Muriithi | |
| 2024-08-14 | refactor: move newest_jwk_with_rotation function to jwks.py | John Nduli | |
| We have a similar jwk module in gn2 that does similar functionality. Moving the newest_jwk_with_rotation function to the module ensures that there's some consistency between both modules so that when we ever want to remove the duplication (e.g. by creating some python pip package) it's easier. | |||
| 2024-08-05 | Fix linting errors. | Frederick Muriuki Muriithi | |
| 2024-08-02 | fix: use json to support parsing oauth2 requests | John Nduli | |
| The local sign in request used by gn2 uses json. However, the default parsing assumes form data, see: - https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_oauth2/authorization_server.py#L72 - https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_helpers.py#L5 We create a custom Authorization server that defaults to `use_json=True` when creating the oauth request object | |||
| 2024-07-31 | Validate JWTs against all existing JWKs. | Frederick Muriuki Muriithi | |
| 2024-07-31 | Remove obsoleted SSL_PRIVATE_KEY configuration | Frederick Muriuki Muriithi | |
| With the key rotation in place, eliminate the use of the SSL_PRIVATE_KEY configuration which pointed to a specific non-changing JWK. | |||
| 2024-07-31 | Update datetime references on changed import. | Frederick Muriuki Muriithi | |
| 2024-07-31 | Retrieve newest JWK, creating a new JWK where necessary. | Frederick Muriuki Muriithi | |
| To help with key rotation, we fetch the latest key, creating a new JWK in any of the following 2 conditions: * There is no JWK in the first place * The "newest" key is older than a specified number of days | |||
| 2024-05-13 | Fix myriad of linting error | Frederick Muriuki Muriithi | |
| These linting errors can't be rebased into the newer commits. | |||
| 2024-05-13 | Link old refresh token to newly issued refresh token | Frederick Muriuki Muriithi | |
| We need to track the "lineage" of refresh tokens in order to detect possible stolen tokens and mitigate damage. | |||
| 2024-05-13 | Register the RefreshTokenGrant with the server | Frederick Muriuki Muriithi | |
| Register the RefreshTokenGrant with the server to enable refreshing of the tokens. | |||
| 2024-05-13 | Save refresh token when it is generated. | Frederick Muriuki Muriithi | |
| 2024-05-13 | Save token with same ID as JWT's "jti" value. | Frederick Muriuki Muriithi | |
| 2024-04-22 | Separate clients' keys from authorisation server's key | Frederick Muriuki Muriithi | |
| The authorisation server uses its key to sign any token it generates. It uses the clients' public keys to validate any assertions it receives from a client using the client's public key. | |||
| 2024-04-20 | Setup token validators at app initialisation. | Frederick Muriuki Muriithi | |
| 2024-04-20 | Define and register grant for JWT tokens. | Frederick Muriuki Muriithi | |
| 2024-03-21 | Delete commented out import. | Munyoki Kilyungi | |
| Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | |||
| 2024-03-13 | Rename "the_client" to "_client". | Munyoki Kilyungi | |
| Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | |||
| 2023-08-07 | Change imports to new unified db module. | Frederick Muriuki Muriithi | |
| 2023-08-07 | Update module name/path | Frederick Muriuki Muriithi | |
| Change from gn3 to gn_auth | |||
| 2023-08-04 | Copy over files from GN3 repository. | Frederick Muriuki Muriithi | |
 |
index : gn-auth | |
| GN authentication and authorization service |
| aboutsummaryrefslogtreecommitdiff |