| Age | Commit message (Collapse) | Author |
|---|
|
We are running GeneNetwork in different environments. Each environment
could have it's own separate domain, and need a different sender email
to allow the underlying services to allow the emails through.
|
|
Moving forward, each client will advertise it's current JWKs at a
known endpoint, and we'll use those, rather than having a
configuration that requires manual update of the certificates.
This will make it easier to implement key rotation on the clients too.
|
|
Enable passing in the number of minutes that a session can be valid
for. This enables the length of time that the session can last to be
configurable rather than hard-coded.
|
|
With the key rotation in place, eliminate the use of the
SSL_PRIVATE_KEY configuration which pointed to a specific non-changing
JWK.
|
|
To help with key rotation, we fetch the latest key, creating a new JWK
in any of the following 2 conditions:
* There is no JWK in the first place
* The "newest" key is older than a specified number of days
|
|
|
|
|
|
|
|
The authorisation server uses its key to sign any token it generates.
It uses the clients' public keys to validate any assertions it
receives from a client using the client's public key.
|
|
Add paths to the SSL key-pair used for signing and verifying the JWTs.
|
|
|
|
Copy the missing scripts over from GN3 and update them for
gn-auth. Update the code to invoke the scripts correctly. Set up
correct redis keys for use with the scripts.
|
|
|
|
|
|
|
