Working

alukach · alukach · commit c08f1dc73fad · 2025-03-22T00:01:27.000-07:00
diff --git a/examples/mock_oidc_server/app.py b/examples/mock_oidc_server/app.py
@@ -6,7 +6,7 @@
 import hashlib
 import json
 import os
-from datetime import datetime, timedelta
+from datetime import UTC, datetime, timedelta
 from pathlib import Path
 from typing import Optional
 from urllib.parse import urlencode
@@ -90,14 +90,12 @@ def int_to_base64url(value):
         {
             "keys": [
                 {
-                    "jwk": {
-                        "kty": "RSA",
-                        "use": "sig",
-                        "kid": "1",  # Key ID
-                        "alg": "RS256",
-                        "n": int_to_base64url(public_numbers.n),
-                        "e": int_to_base64url(public_numbers.e),
-                    },
+                    "kty": "RSA",
+                    "use": "sig",
+                    "kid": "1",  # Key ID
+                    "alg": "RS256",
+                    "n": int_to_base64url(public_numbers.n),
+                    "e": int_to_base64url(public_numbers.e),
                 }
             ]
         },
@@ -126,7 +124,7 @@ def generate_token(
     subject: str, expires_delta: timedelta = timedelta(minutes=15)
 ) -> str:
     """Generate a JWT token."""
-    now = datetime.now(datetime.UTC)
+    now = datetime.now(UTC)
     claims = {
         "iss": ISSUER,
         "sub": subject,
diff --git a/src/stac_auth_proxy/middleware/EnforceAuthMiddleware.py b/src/stac_auth_proxy/middleware/EnforceAuthMiddleware.py
@@ -55,6 +55,12 @@ def jwks_client(self) -> jwt.PyJWKClient:
                         netloc=oidc_url.netloc, scheme=oidc_url.scheme
                     )
                 )
+                if jwks_uri != oidc_config["jwks_uri"]:
+                    logger.warning(
+                        "JWKS URI has been rewritten from %s to %s",
+                        oidc_config["jwks_uri"],
+                        jwks_uri,
+                    )
                 self._jwks_client = jwt.PyJWKClient(jwks_uri)
             except httpx.HTTPStatusError as e:
                 logger.error(
@@ -131,8 +137,6 @@ def validate_token(
 
         # Parse & validate token
         try:
-            print(f"{token=}")
-            print(f"{ self.jwks_client.get_signing_key_from_jwt(token)=}")
             key = self.jwks_client.get_signing_key_from_jwt(token).key
             payload = jwt.decode(
                 token,
