From 1540d3c8a4272b9add46b7854a9da763069b0f1a Mon Sep 17 00:00:00 2001
From: Clinton Blackburn
Date: Mon, 4 Dec 2017 17:32:26 -0500
Subject: [PATCH] Using standard JWT issuer for calls to Credentials Service
The client-specific JWT doesn't really make any sense and only causes issues due to needing to configure both. This change updates LMS to use the standard issuer.
LEARNER-3441
---
 .../core/djangoapps/programs/tasks/v1/tasks.py | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/openedx/core/djangoapps/programs/tasks/v1/tasks.py b/openedx/core/djangoapps/programs/tasks/v1/tasks.py
index 8570401236..3a60cb2d7a 100644
--- a/openedx/core/djangoapps/programs/tasks/v1/tasks.py
+++ b/openedx/core/djangoapps/programs/tasks/v1/tasks.py
@@ -27,32 +27,21 @@ ROUTING_KEY = getattr(settings, 'CREDENTIALS_GENERATION_ROUTING_KEY', None)
 MAX_RETRIES = 11
-def get_api_client(api_config, student):
+def get_api_client(api_config, user):
 """
 Create and configure an API client for authenticated HTTP requests.
 Args:
 api_config: CredentialsApiConfig object
- student: User object as whom to authenticate to the API
+ user: User object as whom to authenticate to the API
 Returns:
 EdxRestApiClient
 """
- # TODO: Use the system's JWT_AUDIENCE and JWT_SECRET_KEY instead of client ID and name.
- client_name = api_config.OAUTH2_CLIENT_NAME
-
- try:
- client = Client.objects.get(name=client_name)
- except Client.DoesNotExist:
- raise ImproperlyConfigured(
- 'OAuth2 Client with name [{}] does not exist.'.format(client_name)
- )
-
 scopes = ['email', 'profile']
 expires_in = settings.OAUTH_ID_TOKEN_EXPIRATION
- jwt = JwtBuilder(student, secret=client.client_secret).build_token(scopes, expires_in, aud=client.client_id)
-
+ jwt = JwtBuilder(user).build_token(scopes, expires_in)
 return EdxRestApiClient(api_config.internal_api_url, jwt=jwt)
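Review bot: The new `JwtBuilder(user).build_token(scopes, expires_in)` call passes neither `secret=` nor `aud=`, so the token is presumably signed with the platform-wide key and carries the default audience (the removed TODO names `JWT_SECRET_KEY` and `JWT_AUDIENCE`), yet nothing in `get_api_client` says so. A token minted here is then no longer bound to the Credentials client, so it is worth confirming that the Credentials service validates issuer and audience against the standard settings and that `OAUTH_ID_TOKEN_EXPIRATION` stays short. I would add a comment above the call such as `# Signed with the platform default JWT secret and audience; Credentials must trust the standard issuer.` The `Client` and `ImproperlyConfigured` imports lie outside this hunk and may now be unused. The `student` to `user` rename would also break any caller that passes `student=` by keyword.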