authe

auth.py

@@ -13,7 +13,9 @@ DB_HOST = os.environ["DB_HOST"]
 DB_NAME = os.environ["DB_NAME"]
 
 JWT_ISSUER = os.environ["JWT_ISSUER"]
-JWT_SECRET = os.environ["JWT_SECRET"]
+
+
+
 
 
 class NoUserException(Exception): 
@@ -28,6 +30,13 @@ class PasswordMismatchException(Exception):
 
 UserEntry = namedtuple('UserEntry', ['id', 'login', 'expiry', 'claims'])
 
+JWT_PRIV_KEY = ""
+with open('/opt/app/config/authservice.key', 'r') as f:
+    JWT_PRIV_KEY = f.read()
+
+JWT_PUB_KEY = ""
+with open('/opt/app/config/authservice.pub', 'r') as f:
+    JWT_PUB_KEY = f.read()
 
 
 def getUserEntryFromDB(application: str, login: str):
@@ -103,7 +112,7 @@ def generateToken(**args):
             # print("DEBUG: generateToken: add claim {} -> {}".format(claim[0], claim[1]))
             payload[claim[0]] = claim[1]
 
-        return jwt.encode(payload, JWT_SECRET, algorithm='RS256')
+        return jwt.encode(payload, JWT_PRIV_KEY, algorithm='RS256')
     except NoUserException:
         print("ERROR: generateToken: no user found, login or application wrong")
         raise werkzeug.exceptions.Unauthorized()
@@ -119,3 +128,9 @@ def generateToken(**args):
     except Exception as e:
         print("ERROR: generateToken: unspecific exception: {}".format(str(e)))
         raise werkzeug.exceptions.Unauthorized()
+
+def generateTokenFromEnc(content):
+    return content
+
+def getPubKey():
+    return JWT_PUB_KEY

openapi.yaml

@@ -7,7 +7,7 @@ paths:
   /auth:
     post:
       tags: [ "JWT" ]
-      summary: Return JWT token
+      summary: Accept login and password, return JWT token
       operationId: auth.generateToken
       requestBody:
         content:
@@ -21,6 +21,23 @@ paths:
             'text/plain':
               schema:
                 type: string
+  /authe:
+    post:
+      tags: [ "JWT" ]
+      summary: Accept encrypted set of credentials, return JWT token 
+      operationId: auth.generateTokenFromEnc
+      requestBody:
+        content:
+          'text/plain':
+            schema:
+              type: string
+      responses:
+        '200':
+          description: JWT token
+          content:
+            'text/plain':
+              schema:
+                type: string
   /secret:
     get:
       tags: [ "JWT" ]
@@ -35,6 +52,19 @@ paths:
                 type: string
       security:
       - jwt: ['secret']
+  /pubkey:
+    get:
+      tags: [ "JWT" ]
+      summary: Get the public key of this issuer
+      operationId: auth.getPubKey
+      responses:
+        '200':
+          description: public key
+          content:
+            'text/plain':
+              schema:
+                type: string
+
 
 components:
   securitySchemes:

readme.md

@@ -0,0 +1,13 @@
+Generate the RSA key pair using:
+
+
+Private key (keep it secret!):
+
+   openssl genrsa -out authservice.key 2048
+
+
+Extract the public key (publish it):
+
+   openssl rsa -in authservice.pem -outform PEM -pubout -out authservice.pub
+
+