Use the instance service key for registry JWT signing

endpoints/v2/v2auth.py

@@ -3,7 +3,7 @@ import re
 
 from flask import request, jsonify, abort
 
-from app import app, userevents
+from app import app, userevents, instance_keys
 from data import model
 from auth.auth import process_auth
 from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
@@ -14,7 +14,7 @@ from endpoints.v2 import v2_bp
 from endpoints.decorators import anon_protect
 from util.cache import no_cache
 from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
-from util.security.registry_jwt import generate_jwt_object, build_context_and_subject
+from util.security.registry_jwt import generate_bearer_token, build_context_and_subject
 
 
 logger = logging.getLogger(__name__)
@@ -152,8 +152,6 @@ def generate_registry_jwt():
 
   # Build the signed JWT.
   context, subject = build_context_and_subject(user, token, oauthtoken)
-
-  jwt_obj = generate_jwt_object(audience_param, subject, context, access, TOKEN_VALIDITY_LIFETIME_S,
-                                app.config)
-
-  return jsonify({'token': jwt_obj})
+  token = generate_bearer_token(audience_param, subject, context, access,
+                                TOKEN_VALIDITY_LIFETIME_S, instance_keys)
+  return jsonify({'token': token})