Private JWK files were written under the default umask (observed 0664 — group and world readable). Create the key directory 0700, chmod private key files (private_jwks.json, token_jwks.json) to 0600 after they are written, and refuse to start if a pre-existing private key is group/world accessible. Tests now use an isolated per-test key directory. Refs: porchlight-91i Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_app_integration.py | ||
| test_authorization.py | ||
| test_claims.py | ||
| test_consent_flow.py | ||
| test_discovery.py | ||
| test_e2e_flow.py | ||
| test_login_oidc_redirect.py | ||
| test_provider.py | ||
| test_token.py | ||
| test_userinfo.py | ||