From 38245f9907ff603f488857991645f1c5dc4ece21 Mon Sep 17 00:00:00 2001
From: Salomon Popp
Date: Tue, 12 Mar 2024 17:57:02 +0000
Subject: [PATCH] Allow custom key paths
---
 keycloak_oauth/__init__.py | 12 +++++++-----
 keypair.pem => tests/resources/keycloak/keypair.pem | 0
 .../resources/keycloak/publickey.crt | 0
 tests/test_oauth_signed_jwt.py | 4 +++-
 4 files changed, 10 insertions(+), 6 deletions(-)
 rename keypair.pem => tests/resources/keycloak/keypair.pem (100%)
 rename publickey.crt => tests/resources/keycloak/publickey.crt (100%)
diff --git a/keycloak_oauth/__init__.py b/keycloak_oauth/__init__.py
index 1a49751..d423558 100644
--- a/keycloak_oauth/__init__.py
+++ b/keycloak_oauth/__init__.py
@@ -56,13 +56,15 @@ def __init__(
 assert isinstance(oauth.keycloak, StarletteOAuth2App)
 self.keycloak = oauth.keycloak

- async def setup_signed_jwt(self) -> None:
- # Generated via `openssl genrsa - out keypair.pem 2048`
- self.keycloak.client_secret = Path("keypair.pem").read_bytes()
+ async def setup_signed_jwt(self, keypair: Path, public_key: Path) -> None:
+ """Setup client authentication for signed JWT.

- # Generated via `openssl rsa -in keypair.pem -pubout -out publickey.crt`
+ :param keypair: Path to keypair.pem, generated via `openssl genrsa - out keypair.pem 2048`
+ :param public_key: Path to publickey.crt, generated via `openssl rsa -in keypair.pem -pubout -out publickey.crt`
+ """
+ self.keycloak.client_secret = keypair.read_bytes()
 self.pub = JsonWebKey.import_key(
- Path("publickey.crt").read_text(), {"kty": "RSA", "use": "sig"}
+ public_key.read_text(), {"kty": "RSA", "use": "sig"}
 ).as_dict()

 metadata = await self.keycloak.load_server_metadata()
diff --git a/keypair.pem b/tests/resources/keycloak/keypair.pem
similarity index 100%
rename from keypair.pem
rename to tests/resources/keycloak/keypair.pem
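Review bot: The new `keypair` and `public_key` arguments of `setup_signed_jwt` are read independently, and nothing in the hunk checks that the two files belong to the same key pair, so a mismatched pair would presumably only surface later as a rejected client assertion. Deriving the public JWK from the private key, or comparing the two after loading, would catch the mistake at setup time. The docstring also carries over the stray space in `openssl genrsa - out keypair.pem 2048`, which should read `openssl genrsa -out keypair.pem 2048`. It would help to add a sentence saying that `keypair` is a private key loaded without a passphrase into `client_secret`, so the file needs restrictive permissions and the key under `tests/resources/keycloak/` is a test fixture only. The method body continues outside the hunk.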
diff --git a/publickey.crt b/tests/resources/keycloak/publickey.crt
similarity index 100%
rename from publickey.crt
rename to tests/resources/keycloak/publickey.crt
diff --git a/tests/test_oauth_signed_jwt.py b/tests/test_oauth_signed_jwt.py
index c103ac1..f7c2a8d 100644
--- a/tests/test_oauth_signed_jwt.py
+++ b/tests/test_oauth_signed_jwt.py
@@ -65,7 +65,9 @@ async def client(self, app: FastAPI, keycloak: KeycloakAdmin) -> TestClient:
 "scope": "openid profile email",
 },
 )
- await keycloak_oauth.setup_signed_jwt()
+ await keycloak_oauth.setup_signed_jwt(
+ self.RESOURCES_PATH / "keypair.pem", self.RESOURCES_PATH / "publickey.crt"
+ )
 keycloak_oauth.setup_fastapi_routes()
 app.include_router(keycloak_oauth.router, prefix="/auth")
 app.add_middleware(SessionMiddleware, secret_key="!secret")