secret key rotation: fix key list ordering

jayaddison · pgjones · commit 77411ad5c9c4 · 2025-08-02T15:21:49.000Z
The `itsdangerous` serializer interface[1] expects keys to be provided with the oldest key at index zero and the active signing key at the end of the list. [1] - https://itsdangerous.palletsprojects.com/en/stable/serializer/#itsdangerous.serializer.Serializer (cherry picked from commit pallets/flask@fb54159) Conflicts: CHANGES.rst src/flask/sessions.py tests/test_basic.py
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,3 +1,10 @@
+0.11.1 (Unreleased)
+-------------------
+
+* Flask backport: Fix signing key selection order when key rotation is enabled
+  via ``SECRET_KEY_FALLBACKS``.
+  <https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g>
+
 0.11.0 2024-12-26
 -----------------
 
diff --git a/src/quart_auth/extension.py b/src/quart_auth/extension.py
@@ -205,11 +205,13 @@ def load_token(self, token: str, app: Optional[Quart] = None) -> Optional[str]:
         if app is None:
             app = current_app
 
-        keys = [app.secret_key]
+        keys = []
 
         if fallbacks := app.config.get("SECRET_KEY_FALLBACKS"):
             keys.extend(fallbacks)
 
+        keys.append(app.secret_key)  # itsdangerous expects current key at top
+
         serializer = self.serializer_class(keys, self.salt)  # type: ignore[arg-type]
         try:
             return serializer.loads(token, max_age=self.duration)
