Temporary jwks endpoint

2020-08-26 11:54:35 +02:00 · 2020-08-26 11:54:35 +02:00 · 50a80561c8
commit 50a80561c8
parent 221732cb2a
2 changed files with 12 additions and 2 deletions
--- a/web/oauth.py
+++ b/web/oauth.py
@ -1,6 +1,7 @@
+from authlib.common.encoding import urlsafe_b64encode
 from authlib.oauth2 import OAuth2Error
 from flask import Blueprint, request, session, redirect
-from flask import render_template, jsonify, flash
+from flask import render_template, jsonify, flash, current_app
 from flask_babel import gettext
 from .models import User, Client
 from .oauth2utils import authorization, IntrospectionEndpoint, RevocationEndpoint
@ -66,3 +67,12 @@ def introspect_token():
@bp.route("/revoke", methods=["POST"])
 def revoke_token():
    return authorization.create_endpoint_response(RevocationEndpoint.ENDPOINT_NAME)
+
+
+@bp.route("/jwks.json")
+def jwks():
+    #TODO: Do not share secrets here!
+    key = urlsafe_b64encode(current_app.config["JWT"]["KEY"].encode("utf-8")).decode(
+        "utf-8"
+    )
+    return jsonify({"keys": [{"kid": None, "kty": "oct", "k": key}]})
--- a/web/templates/login.html
+++ b/web/templates/login.html
@ -6,7 +6,7 @@
    {% if logo_url %}
        <img class="ui tiny centered image" src="{{ logo_url }}" alt="{{ website_name }}">
    {% else %}
-        <i class="massive sign in icon"></i>
+        <i class="massive sign in icon image ui"></i>
    {% endif %}

    <h2 class="ui center aligned header">