docs(authorization): some more documentation after review
slisson committed Dec 11, 2024
1 parent ce06948 commit a6bf536
Showing 2 changed files with 10 additions and 3 deletions.
Expand Up @@ -85,16 +85,22 @@ interface IModelixAuthorizationConfig {
var jwkUri: URI?

/**
* The ID of the public key for the RSA signature.
* If set, only this key is allowed to sign tokens, even if the jwkUri provides multiple keys.
*/
@Deprecated("The key ID is supposed to be retrieved from the token")
@Deprecated("Untrusted keys shouldn't even be return by the jwkUri or configured in some other way")
var jwkKeyId: String?

/**
* Defines the available permissions and their relations.
*/
var permissionSchema: Schema

/**
* Via /permissions/manage, users can grant permissions to ID tokens.
* By default, changes are not persisted.
* As an alternative to this configuration option, the environment variable MODELIX_ACCESS_CONTROL_FILE can be used
* to write changes to disk.
*/
var accessControlPersistence: IAccessControlPersistence

/**
Expand Down Expand Up @@ -213,7 +219,7 @@ private fun getBooleanFromEnv(name: String): Boolean? {

internal fun ByteArray.repeatBytes(minimumSize: Int): ByteArray {
if (size >= minimumSize) return this
val repeated = ByteArray(((size / 256) + 1) * 256)
val repeated = ByteArray(minimumSize)
for (i in repeated.indices) repeated[i] = this[i % size]
return repeated
}
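Review bot: `repeatBytes` indexes `this[i % size]` without guarding an empty receiver, so an empty key with a positive `minimumSize` fails with an ArithmeticException rather than a clear configuration error; a first line such as `require(isNotEmpty()) { "key must not be empty" }` would make that explicit. The function should also carry a KDoc line stating that repeating the bytes only satisfies a length check and adds no entropy, so a short secret stays exactly as guessable as it was before padding. If weak secrets are not meant to be accepted silently, a warning logged when padding happens would let operators notice them. Separately, in the first hunk the second `@Deprecated` message reads `be return by`, where `be returned by` is meant.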
Expand Up @@ -87,6 +87,7 @@ class ModelixJWTUtil {
}

fun addHmacKey(key: String, algorithm: JWSAlgorithm) {
// nimbusds checks for weak keys that are shorter than 256 bytes
addHmacKey(key.toByteArray().ensureMinSecretLength(algorithm), algorithm)
}
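Review bot: The added comment in `addHmacKey` gives the limit as 256 bytes, but the call passes `algorithm` to `ensureMinSecretLength`, which suggests the minimum depends on the algorithm; as far as I know Nimbus states its HMAC minimum in bits (256 bits for HS256), so the unit should be confirmed. The comment should also say what the call does about the limit and that this does not strengthen a short key, for example `// nimbusds rejects HMAC secrets shorter than the algorithm's minimum; short keys are padded to pass that check, which adds no entropy`. `ensureMinSecretLength` is defined outside this hunk, so the padding behaviour is inferred from the other file section rather than visible here.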
