feat(jwt): allow setting custom settings paths

cubicweb_api/jwt_auth.py

@@ -9,5 +9,7 @@
 log = logging.getLogger(__name__)
 
 
-def create_jwt_policy(config: Configurator, prefix="cubicweb.auth.jwt"):
+def create_jwt_policy(
+    config: Configurator, prefix="cubicweb.auth.jwt", custom_paths: dict = None
+):
     cfg = config.registry.settings
@@ -13,7 +15,4 @@
     cfg = config.registry.settings
-    private_key_string = prefix + ".private_key"
-    if private_key_string not in cfg:
-        raise KeyError(private_key_string)
     keys = (
         "private_key",
         "public_key",
@@ -23,5 +22,13 @@
         "http_header",
         "auth_type",
     )
+    key_paths = {}
+    if custom_paths is None:
+        custom_paths = {}
+    for k in keys:
+        key_paths[k] = custom_paths.get(k, "{}.{}".format(prefix, k))
+    # private key is mandatory
+    if key_paths["private_key"] not in cfg:
+        raise KeyError(key_paths["private_key"])
     kwargs = {}
     for k in keys:
@@ -26,8 +33,7 @@
     kwargs = {}
     for k in keys:
-        key_path = "{}.{}".format(prefix, k)
-        if key_path in cfg:
-            kwargs[k] = cfg.get(key_path)
+        if key_paths[k] in cfg:
+            kwargs[k] = cfg.get(key_paths[k])
     auth_policy = JWTAuthenticationPolicy(**kwargs)
     cookie_policy = JWTCookieAuthenticationPolicy.make_from(
         auth_policy, cookie_name="CW_JWT", https_only=True, reissue_time=7200
@@ -55,7 +61,9 @@
 def setup_jwt(config: Configurator):
     config.include("pyramid_jwt")
     try:
-        policy = create_jwt_policy(config)
+        policy = create_jwt_policy(
+            config, custom_paths={"private_key": "cubicweb.auth.authtkt.session.secret"}
+        )
     except KeyError as e:
         log.warning(
             "Could not configure JWT policy: missing configuration key %s", str(e)