From 0a89d64e6a78f6fbd79e8e7c347118991aadee70 Mon Sep 17 00:00:00 2001
From: kaiyou <pierre@jaury.eu>
Date: Thu, 2 Jul 2020 18:49:25 +0200
Subject: [PATCH] Insert kid in jwks

---
 hiboo/sso/oidc.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hiboo/sso/oidc.py b/hiboo/sso/oidc.py
index dadab667..dcfb8148 100644
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -16,6 +16,7 @@ from hiboo import models, utils, profile, security
 import flask
 import time
 import inspect
+import uuid
 
 
 RSA_KEY_LENGTH = 2048
@@ -31,9 +32,10 @@ def fill_service(service):
         )
     if "jwt_public_key" not in service.config:
         key, public, _ = generate_rsa_certificate(service.uuid)
+        kid = {"kid": str(uuid.uuid4())}
         service.config.update(
-            jwt_key=jwk.dumps(key, kty="RSA"),
-            jwt_public_key=jwk.dumps(public, kty="RSA"),
+            jwt_key={**kid, **jwk.dumps(key, kty="RSA")},
+            jwt_public_key={**kid, **jwk.dumps(public, kty="RSA")},
             jwt_alg="RS256"
         )
 
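Review bot: The `kid` is only created inside the `if "jwt_public_key" not in service.config:` branch, so a service whose key pair was generated before this change keeps a JWKS entry without a `kid`, and relying parties that select the verification key by `kid` would presumably still fail for it. A backfill for existing keys is worth adding, for example a second guard on `"kid" not in service.config["jwt_public_key"]` that writes one shared id into both `jwt_key` and `jwt_public_key`. In `{**kid, **jwk.dumps(key, kty="RSA")}` the dumped key wins on a duplicate field, so if `jwk.dumps` ever emits its own `kid` the private and public entries could diverge; `{**jwk.dumps(key, kty="RSA"), **kid}` keeps them paired. The signing path is not in this hunk, so confirm that issued tokens carry the same `kid` in their header; `fill_service` also begins above the hunk.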
-- 
GitLab