Insert kid in jwks

0a89d64e · kaiyou · 8da4048a · 0a89d64e
Commit 0a89d64e authored 4 years ago by kaiyou
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -16,6 +16,7 @@ from hiboo import models, utils, profile, security
 import flask
 import time
 import inspect
+import uuid
 RSA_KEY_LENGTH = 2048
@@ -31,9 +32,10 @@ def fill_service(service):
        )
    if "jwt_public_key" not in service.config:
        key, public, _ = generate_rsa_certificate(service.uuid)
+        kid = {"kid": str(uuid.uuid4())}
        service.config.update(
-            jwt_key=jwk.dumps(key, kty="RSA"),
+            jwt_key={**kid, **jwk.dumps(key, kty="RSA")},
-            jwt_public_key=jwk.dumps(public, kty="RSA"),
+            jwt_public_key={**kid, **jwk.dumps(public, kty="RSA")},
            jwt_alg="RS256"
        )