Allow custom key paths

keycloak_oauth/__init__.py

@@ -56,13 +56,15 @@ def __init__(
         assert isinstance(oauth.keycloak, StarletteOAuth2App)
         self.keycloak = oauth.keycloak
 
-    async def setup_signed_jwt(self) -> None:
-        # Generated via `openssl genrsa - out keypair.pem 2048`
-        self.keycloak.client_secret = Path("keypair.pem").read_bytes()
+    async def setup_signed_jwt(self, keypair: Path, public_key: Path) -> None:
+        """Setup client authentication for signed JWT.
 
-        # Generated via `openssl rsa -in keypair.pem -pubout -out publickey.crt`
+        :param keypair: Path to keypair.pem, generated via `openssl genrsa - out keypair.pem 2048`
+        :param public_key: Path to publickey.crt, generated via `openssl rsa -in keypair.pem -pubout -out publickey.crt`
+        """
+        self.keycloak.client_secret = keypair.read_bytes()
         self.pub = JsonWebKey.import_key(
-            Path("publickey.crt").read_text(), {"kty": "RSA", "use": "sig"}
+            public_key.read_text(), {"kty": "RSA", "use": "sig"}
         ).as_dict()
 
         metadata = await self.keycloak.load_server_metadata()

tests/test_oauth_signed_jwt.py

@@ -65,7 +65,9 @@ async def client(self, app: FastAPI, keycloak: KeycloakAdmin) -> TestClient:
                 "scope": "openid profile email",
             },
         )
-        await keycloak_oauth.setup_signed_jwt()
+        await keycloak_oauth.setup_signed_jwt(
+            self.RESOURCES_PATH / "keypair.pem", self.RESOURCES_PATH / "publickey.crt"
+        )
         keycloak_oauth.setup_fastapi_routes()
         app.include_router(keycloak_oauth.router, prefix="/auth")
         app.add_middleware(SessionMiddleware, secret_key="!secret")