Make JWT key optional by generating it on the fly if unspecified #820

Merged May 12, 2023 (2 commits)

LukasKalbertodt
Member

See commit messages.

Fixes #634

@LukasKalbertodt LukasKalbertodt added the changelog:admin Changes primarily for admins label May 11, 2023
@github-actions github-actions bot temporarily deployed to test-deployment-pr820 May 11, 2023 14:59 Destroyed
@owi92
Member

owi92 commented May 11, 2023

I think this should work? But anything I try to upload either fails or isn't added to Tobira. Though it's the same on the current deployment, so I don't think this has anything to do with this PR. Can you confirm this? Is this the issue that ETH is also having?

This makes setting up Tobira easier as one doesn't have to deal with JWT
at all until later, when one can actually test the uploader and such.
While I first only did that for the initial setup phase, I think using
the generated key is totally fine for most use cases. Yes it changes,
but rotating keys is actually something that's recommended anyway. And
while Opencast has a cache on the JWKS data, if a JWT fails to validate,
it purges the cache and tries again. So restarting Tobira does not cause
any problems.
The required PG version was bumped to 11 a while ago.
@LukasKalbertodt
Member Author

Our test deployments have a specific key specified. We have to as all test deployments have to use the same key so that they all can be used to upload to the same Opencast. So to properly test this, one needs to run a local Opencast and edit the Tobira config to not specify a key anymore.

@github-actions github-actions bot temporarily deployed to test-deployment-pr820 May 12, 2023 08:36 Destroyed
Member

@owi92 owi92 left a comment

> So to properly test this, one needs to run a local Opencast and edit the Tobira config to not specify a key anymore.

Alright, makes sense. Tested both ES256 and ES384 after setting the respective value in Opencast, and the key generation and upload work.

@owi92 owi92 merged commit 7ce53a8 into elan-ev:master May 12, 2023
4 checks passed
@LukasKalbertodt LukasKalbertodt deleted the jwt-optional branch May 12, 2023 09:43
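
The restart behaviour described in the commit message above (a new key on every start, and a verifier that purges its JWKS cache and retries when a JWT fails to validate), as an added example that is not code from Tobira or Opencast. `startIssuer` and `makeVerifier` are hypothetical names, the JWKS "fetch" is an in-process callback, and only the ES256 signature is checked (no `exp` or other claim validation).

```javascript
const crypto = require("node:crypto");

const b64u = (x) => Buffer.from(x).toString("base64url");

// Issuer side (the role Tobira plays): a fresh P-256 key per start, published as JWKS.
function startIssuer() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const jwks = { keys: [publicKey.export({ format: "jwk" })] };
  const sign = (claims) => {
    const input = b64u(JSON.stringify({ alg: "ES256", typ: "JWT" })) + "." + b64u(JSON.stringify(claims));
    // JWS uses the raw r||s signature encoding, not DER.
    const sig = crypto.sign("sha256", Buffer.from(input), { key: privateKey, dsaEncoding: "ieee-p1363" });
    return input + "." + sig.toString("base64url");
  };
  return { jwks, sign };
}

// Verifier side (the role Opencast plays): cached JWKS, purged and refetched once on failure.
function makeVerifier(fetchJwks) {
  let cache = null;
  let fetches = 0;
  const refresh = () => { cache = fetchJwks(); fetches++; };
  const check = (token) => {
    const [h, p, s] = token.split(".");
    if (!h || !p || !s) return null;
    let header;
    try { header = JSON.parse(Buffer.from(h, "base64url").toString()); } catch { return null; }
    if (header.alg !== "ES256") return null; // algorithm is pinned by the verifier
    const ok = cache.keys.some((jwk) => crypto.verify(
      "sha256", Buffer.from(h + "." + p),
      { key: crypto.createPublicKey({ key: jwk, format: "jwk" }), dsaEncoding: "ieee-p1363" },
      Buffer.from(s, "base64url")));
    return ok ? JSON.parse(Buffer.from(p, "base64url").toString()) : null;
  };
  const verify = (token) => {
    if (!cache) refresh();
    let claims = check(token);
    if (!claims) { refresh(); claims = check(token); } // stale cache after a restart?
    return claims; // null if the token still does not validate
  };
  return { verify, fetchCount: () => fetches };
}
```

Every token that fails validation triggers a refetch here, so a production verifier would rate-limit that path. Tokens issued before a restart stop validating once the old public key is gone from the JWKS.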
Successfully merging this pull request may close these issues.

Consider making JWT config optional to ease initial setup