better oauth secret management

2023-12-23 02:41:26 +01:00 · 2023-12-23 02:41:26 +01:00 · 632158b566
commit 632158b566
parent 85d04478d1
4 changed files with 14 additions and 10 deletions
--- a/lenticular_cloud/config_development.toml
+++ b/lenticular_cloud/config_development.toml
@ -23,6 +23,7 @@ HYDRA_PUBLIC_URL = 'http://127.0.0.1:8082'
 SUBJECT_PREFIX = 'something random'

 OAUTH_ID = 'identiy_provider'
+OAUTH_SECRET = 'thisIsNotSecure'


 [LENTICULAR_CLOUD_SERVICES.jabber]
--- a/lenticular_cloud/hydra.py
+++ b/lenticular_cloud/hydra.py
@ -23,7 +23,7 @@ class HydraService:
        self.set_hydra_client(Client(base_url=app.config['HYDRA_ADMIN_URL']))

        client_name = app.config['OAUTH_ID']
-        client_secret = token_hex(16)
+        client_secret = app.config['OAUTH_SECRET']

        clients = list_o_auth_2_clients.sync_detailed(_client=self.hydra_client).parsed
        if clients is None:
@ -48,12 +48,12 @@ class HydraService:
            )
            ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)
            if ret is None:
-                raise RuntimeError("could not crate account")
+                raise RuntimeError("could not create account")
        else:
            client.client_secret = client_secret
-            ret = set_o_auth_2_client.sync(id=client.client_id,json_body=client, _client=self.hydra_client)
+            ret = set_o_auth_2_client.sync(id=client.client_id, json_body=client, _client=self.hydra_client)
            if ret is None:
-                raise RuntimeError("could not crate account")
+                raise RuntimeError("could not update account")
        if type(client.client_id) is not str:
            raise RuntimeError("could not parse client_id from ory-hydra")
        self.client_id = client.client_id