Updated credentials to use client-specific JWT issuer

LEARNER-3165

Updated credentials to use client-specific JWT issuer
LEARNER-3165
31c4eb3e · Clinton Blackburn · Clinton Blackburn · ebf3c163 · 31c4eb3e · 31c4eb3e
Commit 31c4eb3e authored Dec 04, 2017 by Clinton Blackburn Committed by Clinton Blackburn Dec 04, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

playbooks/roles/credentials/defaults/main.yml
+10 -0

playbooks/roles/credentials/meta/main.yml
+1 -0

No files found.
--- a/playbooks/roles/credentials/defaults/main.yml
+++ b/playbooks/roles/credentials/defaults/main.yml
@@ -57,6 +57,16 @@ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY: 'credentials-key'
 CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET: 'credentials-secret'
 CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: false

+# TODO Remove this override when LEARNER-3441 is completed.
+CREDENTIALS_JWT_AUTH:
+  JWT_ISSUERS:
+    - AUDIENCE: '{{ COMMON_JWT_AUDIENCE }}'
+      ISSUER: '{{ COMMON_JWT_ISSUER }}'
+      SECRET_KEY: '{{ COMMON_JWT_SECRET_KEY }}'
+    - AUDIENCE: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY }}'
+      ISSUER: '{{ COMMON_JWT_ISSUER }}'
+      SECRET_KEY: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
+
 CREDENTIALS_SERVICE_USER: 'credentials_service_user'

 # NOTE: The Credentials Service reads the FILE_STORAGE_BACKEND setting, stored in the CREDENTIALS_FILE_STORAGE_BACKEND

--- a/playbooks/roles/credentials/meta/main.yml
+++ b/playbooks/roles/credentials/meta/main.yml
@@ -40,3 +40,4 @@ dependencies:
    edx_django_service_automated_users: '{{ CREDENTIALS_AUTOMATED_USERS }}'
    edx_django_service_cors_whitelist: '{{ CREDENTIALS_CORS_ORIGIN_WHITELIST }}'
    edx_django_service_post_migrate_commands: '{{ credentials_post_migrate_commands }}'
+    edx_django_service_jwt_auth: '{{ CREDENTIALS_JWT_AUTH }}'