change RS256 algorithm

auth_prj/settings.py

@@ -169,12 +169,36 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'auth_prj.wsgi.application'
 
-SIMPLE_JWT = {
-    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
-    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
-    "ROTATE_REFRESH_TOKENS": True,
-    "BLACKLIST_AFTER_ROTATION": True, # 사용한 토큰은 갱신하면 블랙리스트처리됨
-}
+# JWT 설정
+# https://django-rest-framework-simplejwt.readthedocs.io/en/latest/settings.html
+# istio jwt token check 
+ISTIO_JWT = os.environ.get("ISTIO_JWT", "0") == "1"
+
+if ISTIO_JWT:
+    # RS256 모드 
+    # 운영환경에서 key파일은 POD mount로 적용하는게 안전
+    with open(BASE_DIR / "keys/private.pem", "r") as f:
+        PRIVATE_KEY = f.read()
+    with open(BASE_DIR / "keys/public.pem", "r") as f:
+        PUBLIC_KEY = f.read()
+
+    SIMPLE_JWT = {
+        "ALGORITHM": "RS256",
+        "SIGNING_KEY": PRIVATE_KEY,
+        "VERIFYING_KEY": PUBLIC_KEY,
+        "ISSUER": "msa-user",
+        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=30),  
+        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+        "ROTATE_REFRESH_TOKENS": True,
+        "BLACKLIST_AFTER_ROTATION": True, # 사용한 토큰은 갱신하면 블랙리스트처리됨
+    }
+else:
+    SIMPLE_JWT = {
+        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
+        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+        "ROTATE_REFRESH_TOKENS": True,
+        "BLACKLIST_AFTER_ROTATION": True, # 사용한 토큰은 갱신하면 블랙리스트처리됨
+    }
 
 DATABASES = {
     "default": {