Audience key in JWTs #733
Codecov Report
| | master | #733 | +/- |
|---|---|---|---|
| Coverage | 93.74% | 93.78% | +0.03% |
| Files | 130 | 130 | |
| Lines | 6473 | 6514 | +41 |
| Branches | 683 | 685 | +2 |
| Hits | 6068 | 6109 | +41 |
| Misses | 283 | 283 | |
| Partials | 122 | 122 | |

Continue to review full report at Codecov.
Looks like supplying it as a fixture mucks up pytest's fixture resolution
…nerators stay in sync
Co-Authored-By: maxalbert <maxalbert@users.noreply.github.com>
Co-Authored-By: maxalbert <maxalbert@users.noreply.github.com>
""" | ||
private_key, public_key = generate_keypair() | ||
rsa_private_key = load_private_key(private_key.decode()) | ||
assert private_key == rsa_private_key.private_bytes( |
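Review bot: The assertion `assert private_key == rsa_private_key.private_bytes(` only passes when the serialization arguments handed to `private_bytes` (encoding, format, encryption) are the same ones `generate_keypair` used, so the test restates the implementation's own serialization choices rather than checking that the loaded key works. A sign-then-verify round trip using `rsa_private_key` and the matching `public_key` would exercise the keypair independently of how it was serialized.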
Isn't this simply duplicating the implementation? Still good to have the test, I just wonder whether there is an independent way of testing it (e.g. to encrypt & decrypt a small sample message and test that we get the original result?) But if not this is probably the easiest way to test things.
identity_claim_key="identity", | ||
user_claims_key="user_claims", | ||
json_encoder=JSONEncoder, | ||
audience=server.name, |
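Review bot: `audience=server.name` does not agree with the PR description, which says the audience must match the FLOWAPI_IDENTIFIER env var passed to the flowapi container; the server's flowapi identifier should be used here instead. It is also worth confirming that the decode side in flowapi verifies the `aud` claim rather than only reading it: if audience is not checked on verification, a token minted for one server is still accepted by another and the new claim gives no isolation between servers.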
Forgot to change this to flowapi_identifier?
Awesome! 🏅
Co-Authored-By: maxalbert <maxalbert@users.noreply.github.com>
Co-Authored-By: maxalbert <maximilian.albert@gmail.com>
Co-Authored-By: maxalbert <maximilian.albert@gmail.com>
Closes #727
Description
This adds an audience key to the JWTs (required to use public key signing for the link between flowauth and flowapi while not allowing tokens to be used for different servers than intended).
The audience key is the name of the server, so when adding a server in FlowAuth, this will now need to match the `FLOWAPI_IDENTIFIER` env var passed into the flowapi container.