From 3ff1875d2a85042ce09c1a37e79f92b6ecb6a7de Mon Sep 17 00:00:00 2001
From: Salomon Popp <salomon.popp@bakdata.com>
Date: Mon, 4 Mar 2024 15:38:11 +0000
Subject: [PATCH] Create async function `setup_signed_jwt`

---
 keycloak_oauth/__init__.py | 40 +++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 22 deletions(-)

diff --git a/keycloak_oauth/__init__.py b/keycloak_oauth/__init__.py
index 00aebac..6f16319 100644
--- a/keycloak_oauth/__init__.py
+++ b/keycloak_oauth/__init__.py
@@ -37,28 +37,6 @@ def __init__(
 
         oauth = OAuth()
 
-        # TODO pass properly
-        # Generated via `openssl genrsa - out keypair.pem 2048`
-        if not client_secret:
-            client_secret = Path("keypair.pem").read_bytes()
-
-            # Generated via `openssl rsa -in keypair.pem -pubout -out publickey.crt`
-            self.pub = JsonWebKey.import_key(
-                Path("publickey.crt").read_text(), {"kty": "RSA", "use": "sig"}
-            ).as_dict()
-
-            # TODO call self.keycloak.load_server_metadata() and get token_endpoint
-            token_endpoint = (
-                "http://localhost:8180/realms/bakdata/protocol/openid-connect/token"
-            )
-            auth_method = PrivateKeyJWT(token_endpoint)
-            client_kwargs.update(
-                {
-                    "client_auth_methods": [auth_method],
-                    "token_endpoint_auth_method": auth_method.name,
-                }
-            )
-
         oauth.register(
             name="keycloak",
             # client_id and client_secret are created in keycloak
@@ -72,6 +50,24 @@ def __init__(
         assert isinstance(oauth.keycloak, StarletteOAuth2App)
         self.keycloak = oauth.keycloak
 
+    async def setup_signed_jwt(self) -> None:
+        # Generated via `openssl genrsa - out keypair.pem 2048`
+        self.keycloak.client_secret = Path("keypair.pem").read_bytes()
+
+        # Generated via `openssl rsa -in keypair.pem -pubout -out publickey.crt`
+        self.pub = JsonWebKey.import_key(
+            Path("publickey.crt").read_text(), {"kty": "RSA", "use": "sig"}
+        ).as_dict()
+
+        metadata = await self.keycloak.load_server_metadata()
+        auth_method = PrivateKeyJWT(metadata["token_endpoint"])
+        self.keycloak.client_kwargs.update(
+            {
+                "client_auth_methods": [auth_method],
+                "token_endpoint_auth_method": auth_method.name,
+            }
+        )
+
     def setup_fastapi_routes(self) -> None:
         """Create FastAPI router and register API endpoints."""
         import fastapi