From dbf87bb880a0488777ffe3b88161a902ebb2d400 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Fri, 13 Sep 2024 15:14:06 +0200
Subject: [PATCH] fix ocm token
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 changelog/unreleased/fix-ocm-token.md             | 5 +++++
 services/ocm/pkg/config/config.go                 | 1 +
 services/ocm/pkg/config/defaults/defaultconfig.go | 8 ++++++++
 services/ocm/pkg/config/reva.go                   | 6 ++++++
 services/ocm/pkg/revaconfig/config.go             | 1 +
 5 files changed, 21 insertions(+)
 create mode 100644 changelog/unreleased/fix-ocm-token.md
 create mode 100644 services/ocm/pkg/config/reva.go

diff --git a/changelog/unreleased/fix-ocm-token.md b/changelog/unreleased/fix-ocm-token.md
new file mode 100644
index 00000000000..8d09a3baa97
--- /dev/null
+++ b/changelog/unreleased/fix-ocm-token.md
@@ -0,0 +1,5 @@
+Bugfix: Fixed the ocm tocken
+
+We now pass the JWT secret to the reva runtime.
+
+https://github.com/owncloud/ocis/pull/10050
diff --git a/services/ocm/pkg/config/config.go b/services/ocm/pkg/config/config.go
index 4c81695d4eb..b41c6eaf007 100644
--- a/services/ocm/pkg/config/config.go
+++ b/services/ocm/pkg/config/config.go
@@ -27,6 +27,7 @@ type Config struct {
 	ServiceAccount ServiceAccount        `yaml:"service_account"`
 	Events         Events                `yaml:"-"`
 
+	TokenManager                 *TokenManager                `yaml:"token_manager"`
 	Reva                         *shared.Reva                 `yaml:"reva"`
 	OCMD                         OCMD                         `yaml:"ocmd"`
 	ScienceMesh                  ScienceMesh                  `yaml:"sciencemesh"`
diff --git a/services/ocm/pkg/config/defaults/defaultconfig.go b/services/ocm/pkg/config/defaults/defaultconfig.go
index 311945edd52..1b4cdae30c5 100644
--- a/services/ocm/pkg/config/defaults/defaultconfig.go
+++ b/services/ocm/pkg/config/defaults/defaultconfig.go
@@ -165,6 +165,14 @@ func EnsureDefaults(cfg *config.Config) {
 		cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
 	}
 
+	if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
+		cfg.TokenManager = &config.TokenManager{
+			JWTSecret: cfg.Commons.TokenManager.JWTSecret,
+		}
+	} else if cfg.TokenManager == nil {
+		cfg.TokenManager = &config.TokenManager{}
+	}
+
 	if cfg.GRPCClientTLS == nil && cfg.Commons != nil {
 		cfg.GRPCClientTLS = structs.CopyOrZeroValue(cfg.Commons.GRPCClientTLS)
 	}
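Review bot: The fallback branch `cfg.TokenManager = &config.TokenManager{}` leaves `JWTSecret` as the empty string when neither the service config nor the commons config supplies one. Nothing in this patch rejects that value before the revaconfig hunk passes it to reva as `"jwt_secret": cfg.TokenManager.JWTSecret`. If the service's config validation (not visible here) does not already fail on an empty secret, reva would start with an empty signing secret. A check in the validation step, such as `if cfg.TokenManager.JWTSecret == "" { return errors.New("jwt secret is not set") }`, would make this fail closed. EnsureDefaults starts and ends outside the hunk.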
diff --git a/services/ocm/pkg/config/reva.go b/services/ocm/pkg/config/reva.go
new file mode 100644
index 00000000000..0c7396b045b
--- /dev/null
+++ b/services/ocm/pkg/config/reva.go
@@ -0,0 +1,6 @@
+package config
+
+// TokenManager is the config for using the reva token manager
+type TokenManager struct {
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCM_JWT_SECRET" desc:"The secret to mint and validate jwt tokens." introductionVersion:"pre5.0"`
+}
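Review bot: The `introductionVersion:"pre5.0"` tag on `JWTSecret` looks carried over from another service. Both this file and the `TokenManager` field on `Config` are added by this patch, so `OCM_JWT_SECRET` cannot have been read by the OCM service before it. I would set the tag to the release that ships this change, e.g. `introductionVersion:"<release containing this fix>"`. If the shared `OCIS_JWT_SECRET` binding means the value must equal the secret used by the other services, the `desc` text should say so.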
diff --git a/services/ocm/pkg/revaconfig/config.go b/services/ocm/pkg/revaconfig/config.go
index f50c17bbc24..7a7231df21b 100644
--- a/services/ocm/pkg/revaconfig/config.go
+++ b/services/ocm/pkg/revaconfig/config.go
@@ -11,6 +11,7 @@ import (
 func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]interface{} {
 	return map[string]interface{}{
 		"shared": map[string]interface{}{
+			"jwt_secret":          cfg.TokenManager.JWTSecret,
 			"gatewaysvc":          cfg.Reva.Address, // Todo or address?
 			"grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 		},