From 23de967334a5f7f2f2daa60884d550e5bd27767e Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 22 Apr 2024 11:37:36 +0300
Subject: Separate clients' keys from authorisation server's key

The authorisation server uses its key to sign any token it generates.

It uses the clients' public keys to validate any assertions it
receives from a client using the client's public key.
---
 gn_auth/auth/authentication/oauth2/server.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gn_auth/auth')

diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py
index db2a0d5..0669139 100644
--- a/gn_auth/auth/authentication/oauth2/server.py
+++ b/gn_auth/auth/authentication/oauth2/server.py
@@ -66,7 +66,7 @@ def setup_oauth2_server(app: Flask) -> None:
     server.register_grant(JWTBearerGrant)
     server.register_token_generator(
         "urn:ietf:params:oauth:grant-type:jwt-bearer",
-        JWTBearerTokenGenerator(app.config["JWT_PRIVATE_KEY"]))
+        JWTBearerTokenGenerator(app.config["SSL_PRIVATE_KEY"]))
 
     # register endpoints
     server.register_endpoint(RevocationEndpoint)
@@ -82,4 +82,4 @@ def setup_oauth2_server(app: Flask) -> None:
     ## Set up the token validators
     require_oauth.register_token_validator(BearerTokenValidator())
     require_oauth.register_token_validator(
-        JWTBearerTokenValidator(app.config["JWT_PUBLIC_KEY"]))
+        JWTBearerTokenValidator(app.config["SSL_PRIVATE_KEY"].get_public_key()))
-- 
cgit v1.2.3