2020-10-22 08:08:41 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2021-11-15 16:14:31 -05:00
|
|
|
class JwksController < Doorkeeper::OpenidConnect::DiscoveryController
|
2020-10-22 08:08:41 -04:00
|
|
|
def index
|
2021-11-15 16:14:31 -05:00
|
|
|
render json: { keys: payload }
|
|
|
|
end
|
|
|
|
|
|
|
|
def keys
|
|
|
|
index
|
2020-10-22 08:08:41 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2021-11-15 16:14:31 -05:00
|
|
|
def payload
|
2020-10-22 08:08:41 -04:00
|
|
|
[
|
|
|
|
# We keep openid_connect_signing_key so that we can seamlessly
|
|
|
|
# replace it with ci_jwt_signing_key and remove it on the next release.
|
|
|
|
# TODO: Remove openid_connect_signing_key in 13.7
|
|
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/221031
|
|
|
|
Rails.application.secrets.openid_connect_signing_key,
|
|
|
|
Gitlab::CurrentSettings.ci_jwt_signing_key
|
|
|
|
].compact.map do |key_data|
|
|
|
|
OpenSSL::PKey::RSA.new(key_data)
|
|
|
|
.public_key
|
|
|
|
.to_jwk
|
|
|
|
.slice(:kty, :kid, :e, :n)
|
|
|
|
.merge(use: 'sig', alg: 'RS256')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|