From 665a1edef6f90d60899fe185b7d978423b554761 Mon Sep 17 00:00:00 2001
From: John Nduli
Date: Mon, 12 Aug 2024 12:15:26 +0300
Subject: docs: update documentation to reflect new secrets handling
---
 README.md | 12 ++++++++----
 gn_auth/wsgi.py | 1 +
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index f944f5b..d72ed81 100644
--- a/README.md
+++ b/README.md
@@ -210,13 +210,17 @@ custom local_settings. At minimum it can contain:
 ```python
 # contents for local_settings saved at /absolute/path/to/local_settings_file.conf
-SECRET_KEY = "qQIrgiK29kXZU6v8D09y4uw_sk8I4cqgNZniYUrRoUk"
 SQL_URI = "mysql://user:password@localhost/db_name" # mysql uri
 AUTH_DB = "/absolute/path/to/auth.db/" # path to sqlite db file
+# path to file containings SECRETS key.
+# Note: this path is also used to determine the jwks location
+GN_AUTH_SECRETS = "/home/rookie/gn_data/gn2_files/secrets.conf"
+```
+
+Here's an example `secrets.conf` file:
-# OpenSSL keys
-CLIENTS_SSL_PUBLIC_KEYS_DIR = "/path/to/gn-auth/repo/tests/unit/test-public-keys-dir" # clients' public keys' directory
-SSL_PRIVATE_KEY = "/path/to/gn-auth/repo/tests/unit/test-ssl-private-key.pem" # authorisation server primary key
+```python
+SECRET_KEY = "qQIrgiK29kXZU6v8D09y4uw_sk8I4cqgNZniYUrRoUk"
 ```
 and you set up the oauth clients using:
diff --git a/gn_auth/wsgi.py b/gn_auth/wsgi.py
index c91c564..bb8abd2 100644
--- a/gn_auth/wsgi.py
+++ b/gn_auth/wsgi.py
@@ -130,6 +130,7 @@ def init_dev_clients(client_uri):
 "default_redirect_uri": f"{client_uri}/oauth2/code",
 "redirect_uris": [f"{client_uri}/oauth2/code", f"{client_uri}/oauth2/token"],
+ "public-jwks-uri": f"{client_uri}/oauth2/public-jwks",
 "response_type": ["code", "token"],
 "scope": ["profile", "group", "role", "resource", "register-client", "user", "masquerade", "migrate-data", "introspect"]
--
cgit v1.2.3
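Review bot: In the `gn_auth/wsgi.py` hunk, the new `"public-jwks-uri"` value is derived from the caller-supplied `client_uri` with no scheme check visible, and a JWKS URL is presumably where the server will fetch the keys it trusts for this client. If `client_uri` may be plain `http://`, that key set can be altered in transit, so consider rejecting non-HTTPS values outside local development, or at least adding a comment such as `# dev only: JWKS is fetched from client_uri; require https outside localhost`. The key is also hyphenated while its neighbours (`default_redirect_uri`, `redirect_uris`, `response_type`) use underscores, so the code that reads this metadata has to look up the exact string; a short comment naming that consumer would help. `init_dev_clients` begins and ends outside the hunk, so how the field is consumed cannot be confirmed from here.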