Skip to content
This repository has been archived by the owner on Dec 21, 2021. It is now read-only.

Commit

Permalink
implement persistent session key for integrating oidc-client to other…
Browse files Browse the repository at this point in the history
… services
  • Loading branch information
teemukataja committed Sep 14, 2020
1 parent f1f8397 commit 4afb6cd
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 8 deletions.
8 changes: 4 additions & 4 deletions docs/configuration.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ Default values can be seen in the configuration file parser, they are the right-

.. literalinclude:: /../oidc_client/config/__init__.py
:language: python
:lines: 15-42
:lines: 17-50

The default values can be overwritten and saved to file in the ``config.ini`` configuration file.
The configuration file has three basic sections: ``app`` for application configuration, ``cookie`` for cookie
Expand All @@ -25,7 +25,7 @@ Application Configuration

.. literalinclude:: /../oidc_client/config/config.ini
:language: python
:lines: 18-29
:lines: 17-33

.. _cookie-conf:

Expand All @@ -34,7 +34,7 @@ Cookie Settings

.. literalinclude:: /../oidc_client/config/config.ini
:language: python
:lines: 31-48
:lines: 35-52

.. _aai-conf:

Expand All @@ -43,7 +43,7 @@ AAI Server Configuration

.. literalinclude:: /../oidc_client/config/config.ini
:language: python
:lines: 50-88
:lines: 54-92

.. _env:

Expand Down
5 changes: 2 additions & 3 deletions oidc_client/app.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

import sys

from cryptography.fernet import Fernet
from aiohttp import web
from aiohttp_session import setup as session_setup
from aiohttp_session.cookie_storage import EncryptedCookieStorage
Expand Down Expand Up @@ -59,8 +58,8 @@ async def init() -> web.Application:
server = web.Application()

# Create encrypted session storage
# Encryption key must be a 32 byte base64-encoded Fernet key
session_setup(server, EncryptedCookieStorage(Fernet.generate_key()[:32]))
# Encryption key must be 32 len bytes
session_setup(server, EncryptedCookieStorage(CONFIG.app["session_key"].encode()))

# Gather endpoints
server.router.add_routes(routes)
Expand Down
2 changes: 2 additions & 0 deletions oidc_client/config/__init__.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
"""OIDC Client Configuration."""

import os
import secrets
import logging

from pathlib import Path
Expand All @@ -22,6 +23,7 @@ def parse_config_file(path):
"host": os.environ.get("HOST", config.get("app", "host")) or "0.0.0.0", # nosec
"port": os.environ.get("PORT", config.get("app", "port")) or 8080,
"name": os.environ.get("NAME", config.get("app", "name")) or "oidc-client",
"session_key": os.environ.get("SESSION_KEY", config.get("app", "session_key")) or secrets.token_hex(16),
},
"cookie": {
"domain": os.environ.get("DOMAIN", config.get("cookie", "domain")) or "localhost",
Expand Down
6 changes: 5 additions & 1 deletion oidc_client/config/config.ini
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
# [aai] section contains configuration variables for the client-server communication with AAI
# [cookie] section contains configuration variables for cookie management
# Custom sections can be added in a similar fashion, and be loaded with config/__init__.py
# An example custom section [elixir] has been added for ELIXIR AAI use case
# -------------------------------------------------------------------------------------------------------

# ****************************************
Expand All @@ -28,6 +27,11 @@ port=8080
# Name for this API shown at root endpoint `/`
name=oidc-client

# Secret key to encrypt session storage, must be exactly 32 characters
# If left empty, a session key will be generated with secrets.token_hex(16)
# Share this key with other services, which need to decrypt the AIOHTTP_SESSION cookie
session_key=

# ***********************************
# Configuration for cookie management
# ***********************************
Expand Down

0 comments on commit 4afb6cd

Please sign in to comment.