pubkey stuff

Wolfgang Hottgenroth 2021-05-06 16:37:32 +02:00
parent 49e8aa43b4
commit 0377278ea0
Signed by: wn
GPG Key ID: 6C1E5E531E0D5D7F
3 changed files with 40 additions and 2 deletions

auth.py

@ -13,7 +13,9 @@ DB_HOST = os.environ["DB_HOST"]
DB_NAME = os.environ["DB_NAME"]
JWT_ISSUER = os.environ["JWT_ISSUER"]
JWT_SECRET = os.environ["JWT_SECRET"]
class NoUserException(Exception):
@ -28,6 +30,13 @@ class PasswordMismatchException(Exception):
UserEntry = namedtuple('UserEntry', ['id', 'login', 'expiry', 'claims'])
JWT_PRIV_KEY = ""
with open('/opt/app/config/authservice.key', 'r') as f:
JWT_PRIV_KEY = f.readlines()
JWT_PUB_KEY = ""
with open('/opt/app/config/authservice.pub', 'r') as f:
JWT_PUB_KEY = f.readlines()
def getUserEntryFromDB(application: str, login: str):
@ -103,7 +112,7 @@ def generateToken(**args):
# print("DEBUG: generateToken: add claim {} -> {}".format(claim[0], claim[1]))
payload[claim[0]] = claim[1]
return jwt.encode(payload, JWT_SECRET, algorithm='RS256')
return jwt.encode(payload, JWT_PRIV_KEY, algorithm='RS256')
except NoUserException:
print("ERROR: generateToken: no user found, login or application wrong")
raise werkzeug.exceptions.Unauthorized()
@ -119,3 +128,6 @@ def generateToken(**args):
except Exception as e:
print("ERROR: generateToken: unspecific exception: {}".format(str(e)))
raise werkzeug.exceptions.Unauthorized()
def getPubKey():
return JWT_PUB_KEY
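Review bot: `f.readlines()` on both key files in the hunk at @ -28,6 +30,13 yields a list of lines rather than the PEM text, so `jwt.encode(payload, JWT_PRIV_KEY, algorithm='RS256')` in the following hunk and the new `getPubKey` handler are handed a list instead of a key string, which as far as I can tell PyJWT rejects; read each file with `JWT_PRIV_KEY = f.read()` and `JWT_PUB_KEY = f.read()`. The same list value reaches the `/pubkey` operation added in the OpenAPI section, whose response is declared `text/plain` with a string schema, so that section has the same defect. The readme added in this commit writes the private key to `authservice.pem` while this hunk opens `authservice.key`, so one of the two names needs to change before the service can start. `JWT_SECRET` is still read from the environment in the first hunk although signing no longer uses it; if token verification elsewhere in the file still uses that secret, tokens signed with the RSA key will not verify, so verification presumably has to switch to `JWT_PUB_KEY` with the accepted algorithms pinned to `['RS256']` — confirm, as that code is outside the hunk. The body of generateToken starts and continues outside the hunks shown here.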


@ -35,6 +35,19 @@ paths:
type: string
security:
- jwt: ['secret']
/pubkey:
get:
tags: [ "JWT" ]
summary: Get the public key of this issuer
operationId: auth.getPubKey
responses:
'200':
description: public key
content:
'text/plain':
schema:
type: string
components:
securitySchemes:

readme.md Normal file

@ -0,0 +1,13 @@
Generate the RSA key pair using:
Private key (keep it secret!):
openssl genrsa -out authservice.pem 2048
Extract the public key (publish it):
openssl rsa -in authservice.pem -outform PEM -pubout -out authservice.pub