From: Tom Hughes <tom@compton.nu>
Date: Tue, 3 Oct 2023 18:20:40 +0000 (+0100)
Subject: Configure signing key for OpenID Connect
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/34fa7af72d6aa3ea6ff7c236bbd35aadcfcfc306

Configure signing key for OpenID Connect
---

diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index 921ac3c6b..c5130a91a 100644
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -148,6 +148,7 @@ rails_port "www.openstreetmap.org" do
   signup_ip_max_burst 48
   signup_email_per_day 1
   signup_email_max_burst 2
+  doorkeeper_signing_key web_passwords["openid_connect_key"].join("\n")
   # Requests to modify the imagery blacklist should come from the DWG only
   imagery_blacklist [
     # Current Google imagery URLs have google or googleapis in the domain
diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb
index cf1f1a6b9..60c9cbbec 100644
--- a/cookbooks/web/resources/rails_port.rb
+++ b/cookbooks/web/resources/rails_port.rb
@@ -91,6 +91,7 @@ property :signup_ip_per_day, Integer
 property :signup_ip_max_burst, Integer
 property :signup_email_per_day, Integer
 property :signup_email_max_burst, Integer
+property :doorkeeper_signing_key, String
 
 action :create do
   package %W[
@@ -346,7 +347,8 @@ action :create do
     "signup_ip_per_day",
     "signup_ip_max_burst",
     "signup_email_per_day",
-    "signup_email_max_burst"
+    "signup_email_max_burst",
+    "doorkeeper_signing_key"
   ).compact.merge(
     "server_protocol" => "https",
     "server_url" => new_resource.site,