Skip to content

C
configuration
Commit e7f6769c by Clinton Blackburn Committed by Clinton Blackburn
Options

Using central JWT issuer for Credentials API JWT validation 

The Credentials Service now relies solely on the central JWT issuer (e.g. LMS) for issuing tokens, rather than a service-specific issuer. The JWT authentication override has been removed.

LEARNER-3441
parent 893aadf1
Showing with 0 additions and 11 deletions
playbooks/roles/credentials/defaults/main.yml
...@@ -57,16 +57,6 @@ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY: 'credentials-key' ...@@ -57,16 +57,6 @@ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY: 'credentials-key'
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET: 'credentials-secret' CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET: 'credentials-secret'
CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: false CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: false
# TODO Remove this override when LEARNER-3441 is completed.
CREDENTIALS_JWT_AUTH:
JWT_ISSUERS:
- AUDIENCE: '{{ COMMON_JWT_AUDIENCE }}'
ISSUER: '{{ COMMON_JWT_ISSUER }}'
SECRET_KEY: '{{ COMMON_JWT_SECRET_KEY }}'
- AUDIENCE: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY }}'
ISSUER: '{{ COMMON_JWT_ISSUER }}'
SECRET_KEY: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
CREDENTIALS_SERVICE_USER: 'credentials_service_user' CREDENTIALS_SERVICE_USER: 'credentials_service_user'
# NOTE: The Credentials Service reads the FILE_STORAGE_BACKEND setting, stored in the CREDENTIALS_FILE_STORAGE_BACKEND # NOTE: The Credentials Service reads the FILE_STORAGE_BACKEND setting, stored in the CREDENTIALS_FILE_STORAGE_BACKEND
......
playbooks/roles/credentials/meta/main.yml
...@@ -40,4 +40,3 @@ dependencies: ...@@ -40,4 +40,3 @@ dependencies:
edx_django_service_automated_users: '{{ CREDENTIALS_AUTOMATED_USERS }}' edx_django_service_automated_users: '{{ CREDENTIALS_AUTOMATED_USERS }}'
edx_django_service_cors_whitelist: '{{ CREDENTIALS_CORS_ORIGIN_WHITELIST }}' edx_django_service_cors_whitelist: '{{ CREDENTIALS_CORS_ORIGIN_WHITELIST }}'
edx_django_service_post_migrate_commands: '{{ credentials_post_migrate_commands }}' edx_django_service_post_migrate_commands: '{{ credentials_post_migrate_commands }}'
edx_django_service_jwt_auth: '{{ CREDENTIALS_JWT_AUTH }}'
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment