LD4P / sinopia_server

[Deprecated - switching to MongoDB] Sinopia Back-end CRUD Service. LDP-inspired, HTTP Server taking JSON-LD resources & administrative metadata.
Apache License 2.0

configure trellis properly for JWT decoding #70

Closed jmartin-sul closed 5 years ago

jmartin-sul commented 5 years ago

this requires specifying the URL for the JWKS, see:

https://github.com/trellis-ldp/trellis/tree/master/auth/oauth

https://github.com/trellis-ldp/trellis/wiki/App-Configuration-Guide

(docs are from base trellis project, but should also apply to trellis-ext-db, the trellis flavor we're currently using)

jmartin-sul commented 5 years ago

URL for our JWKS, per amazon docs:

Amazon Cognito generates two RSA key pairs for each user pool. The private key of each pair is used to sign the respective ID token or access token. The public keys are made available at an address in this format:

https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json

https://aws.amazon.com/premiumsupport/knowledge-center/decode-verify-cognito-json-token/
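
Added example, not part of the original thread and not Trellis or Sinopia code: a Python sketch of the checks a verifier makes around the JWKS URL format quoted above, before it verifies the signature. The region, pool id, `kid` values and key material are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

def cognito_issuer(region, user_pool_id):
    # Issuer value Cognito places in the token's "iss" claim.
    return f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"

def jwks_url(region, user_pool_id):
    # Built from deployment config only, never from anything inside the token.
    return cognito_issuer(region, user_pool_id) + "/.well-known/jwks.json"

def b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def select_verification_key(token, jwks, region, user_pool_id):
    """Return the JWK that must verify this token, or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    if header.get("alg") != "RS256":  # pin the algorithm; rejects "none" and HS256
        raise ValueError("unexpected alg")
    if claims.get("iss") != cognito_issuer(region, user_pool_id):
        raise ValueError("issuer mismatch")
    kid = header.get("kid")
    for key in jwks.get("keys", []):
        if kid and key.get("kid") == kid and key.get("kty") == "RSA":
            return key  # hand this key to the JWT library for signature verification
    raise ValueError("no key with matching kid")

def make_token(header, claims):
    # Constructed sample token; the signature segment is a dummy value.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed sample data: region, pool id, kids and moduli are placeholders.
REGION, POOL = "us-west-2", "us-west-2_EXAMPLE"
JWKS = {"keys": [
    {"kid": "id-token-key", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "PLACEHOLDER", "e": "AQAB"},
    {"kid": "access-token-key", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "PLACEHOLDER", "e": "AQAB"},
]}
GOOD = make_token({"alg": "RS256", "kid": "access-token-key"}, {"iss": cognito_issuer(REGION, POOL)})
UNSIGNED = make_token({"alg": "none", "kid": "access-token-key"}, {"iss": cognito_issuer(REGION, POOL)})

if __name__ == "__main__":
    print(jwks_url(REGION, POOL))
    print(select_verification_key(GOOD, JWKS, REGION, POOL)["kid"])
```

The selected key still has to be used to check the RSA signature and the `exp` claim; this sketch covers only key selection and the issuer and algorithm checks.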

jmartin-sul commented 5 years ago

remaining work:

jmartin-sul commented 5 years ago

updated ld4p/trellis-ext-db image has been pushed to dockerhub.

jmartin-sul commented 5 years ago

closed, filed #88 for deploying updated env and image