From 8a3a16f25f6d87b6cf679c888eacba816415baa9 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 18 Jul 2024 16:54:07 -0500
Subject: Remove obsoleted SSL_PRIVATE_KEY configuration

With the key rotation in place, eliminate the use of the
SSL_PRIVATE_KEY configuration which pointed to a specific non-changing
JWK.
---
 gn_auth/auth/authentication/oauth2/server.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'gn_auth/auth/authentication/oauth2')

diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py
index 6ed3c86..5806da6 100644
--- a/gn_auth/auth/authentication/oauth2/server.py
+++ b/gn_auth/auth/authentication/oauth2/server.py
@@ -50,10 +50,14 @@ def create_query_client_func() -> Callable:
 
     return __query_client__
 
-def create_save_token_func(token_model: type, jwtkey: jwk) -> Callable:
+def create_save_token_func(token_model: type, app: Flask) -> Callable:
     """Create the function that saves the token."""
     def __save_token__(token, request):
-        _jwt = jwt.decode(token["access_token"], jwtkey)
+        _jwt = jwt.decode(
+            token["access_token"],
+            newest_jwk_with_rotation(
+                jwks_directory(app),
+                int(app.config["JWKS_ROTATION_AGE_DAYS"])))
         _token = token_model(
             token_id=uuid.UUID(_jwt["jti"]),
             client=request.client,
@@ -156,8 +160,7 @@ def setup_oauth2_server(app: Flask) -> None:
     server.init_app(
         app,
         query_client=create_query_client_func(),
-        save_token=create_save_token_func(
-            OAuth2Token, app.config["SSL_PRIVATE_KEY"]))
+        save_token=create_save_token_func(OAuth2Token, app))
     app.config["OAUTH2_SERVER"] = server
 
     ## Set up the token validators
-- 
cgit v1.2.3