feat: add new option JWT_SIGNING_ALGORITHM (gitea v1.15)

2021-07-08 10:20:36 +02:00 · 2021-07-08 10:20:36 +02:00 · df94ab94fb
parent e0431ad430
commit df94ab94fb
2 changed files with 7 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -251,11 +251,13 @@ gitea_access_token_expiration_time: 3600
 gitea_refresh_token_expiration_time: 730
 gitea_invalidate_refresh_tokens: False

-# @bar gitea_jwt_secret:description: >
-# OAuth2 authentication secret for access and refresh tokens.
-# Should be replaced by your own secret.
+gitea_jwt_signing_algorithm: RS256
+
+# @var gitea_jwt_secret:description: >
+# OAuth2 authentication secret for access and refresh tokens. Should be replaced by your own secret.
+# Only works if `gitea_jwt_signing_algorithm` is set to HS256, HS384 or HS512.
 # @end
-gitea_jwt_secret: Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
+# @var gitea_jwt_secret:example: $ "Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU"

 gitea_metrics_enabled: False
 # @var gitea_metrics_token:description: If you want to add authorization, specify a token here.
--- a/templates/custom/conf/app.ini.j2
+++ b/templates/custom/conf/app.ini.j2
@ -281,6 +281,7 @@ ENABLE = true
 ACCESS_TOKEN_EXPIRATION_TIME = {{ gitea_access_token_expiration_time }}
 REFRESH_TOKEN_EXPIRATION_TIME = {{ gitea_refresh_token_expiration_time }}
 INVALIDATE_REFRESH_TOKENS = {{ gitea_invalidate_refresh_tokens | bool | lower }}
+JWT_SIGNING_ALGORITHM = {{ gitea_jwt_signing_algorithm }}
 JWT_SECRET = {{ gitea_jwt_secret }}
 {% else %}
 [oauth2]