dkam/clinch
1
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

JWT service

Browse Source
This commit is contained in:
Dan Milne
2025-10-23 20:39:45 +11:00
parent 7f075391c1
commit 8cbf0731e0
2 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/services/oidc_jwt_service.rb
View File

@@ -63,15 +63,17 @@ class OidcJwtService
# Get or generate RSA private key
def private_key
@private_key ||= begin
# Try to load from Rails credentials first
key_pem = Rails.application.credentials.oidc_private_key
if key_pem.present?
OpenSSL::PKey::RSA.new(key_pem)
# Try ENV variable first (best for Docker/Kamal)
if ENV["OIDC_PRIVATE_KEY"].present?
OpenSSL::PKey::RSA.new(ENV["OIDC_PRIVATE_KEY"])
# Then try Rails credentials
elsif Rails.application.credentials.oidc_private_key.present?
OpenSSL::PKey::RSA.new(Rails.application.credentials.oidc_private_key)
else
# Generate a new key for development
# In production, you should generate this once and store in credentials
Rails.logger.warn "OIDC: No private key found in credentials, generating new key (development only)"
# In production, you MUST set OIDC_PRIVATE_KEY env var or add to credentials
Rails.logger.warn "OIDC: No private key found in ENV or credentials, generating new key (development only)"
Rails.logger.warn "OIDC: Set OIDC_PRIVATE_KEY environment variable in production!"
OpenSSL::PKey::RSA.new(2048)
end
end