From 90db8dad5e80f598b1db97b1d6484751b6f5efb7 Mon Sep 17 00:00:00 2001 From: "Kyle D. McCormick" Date: Fri, 20 Oct 2023 14:36:00 -0400 Subject: [PATCH] fix: include full-complement paramters in ``JWT_PRIVATE_SIGNING_JWK`` Addresses the breaking upstream change in this commit: https://github.com/openedx/edx-platform/commit/92731be0dc69d82cc4ec5b9c511e86df9aa9e632 See Changelog entry for details. --- changelog.d/20231020_143112_kyle_jwk_full_complement.md | 1 + tutor/templates/apps/openedx/settings/partials/common_all.py | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 changelog.d/20231020_143112_kyle_jwk_full_complement.md diff --git a/changelog.d/20231020_143112_kyle_jwk_full_complement.md b/changelog.d/20231020_143112_kyle_jwk_full_complement.md new file mode 100644 index 0000000000..162b89db40 --- /dev/null +++ b/changelog.d/20231020_143112_kyle_jwk_full_complement.md @@ -0,0 +1 @@ +- [Bugfix] Updated how the Tutor setting ``JWT_RSA_PRIVATE_KEY`` is rendered into the LMS Django setting ``JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']`` as required by a recent breaking upstream change. The new representation of the ``JWT_PRIVATE_SIGNING_JWK`` simply adds the ``dq``, ``dp``, and ``qi`` parameters. Without this fix, LMS would encounter an ``InvalidKeyError`` on all logins (by @kdmccormick). diff --git a/tutor/templates/apps/openedx/settings/partials/common_all.py b/tutor/templates/apps/openedx/settings/partials/common_all.py index b1d5a9f82a..c9b747a89f 100644 --- a/tutor/templates/apps/openedx/settings/partials/common_all.py +++ b/tutor/templates/apps/openedx/settings/partials/common_all.py @@ -189,6 +189,9 @@ "n": "{{ jwt_rsa_key.n|long_to_base64 }}", "p": "{{ jwt_rsa_key.p|long_to_base64 }}", "q": "{{ jwt_rsa_key.q|long_to_base64 }}", + "dq": "{{ jwt_rsa_key.dq|long_to_base64 }}", + "dp": "{{ jwt_rsa_key.dp|long_to_base64 }}", + "qi": "{{ jwt_rsa_key.invq|long_to_base64 }}", } ) JWT_AUTH["JWT_PUBLIC_SIGNING_JWK_SET"] = json.dumps(