refactor: authorize unsigned JWT in requests

author: mo khan <mo@mokhan.ca> 2025-03-15 15:20:53 -0600
committer: mo khan <mo@mokhan.ca> 2025-03-15 15:20:53 -0600
commit: b27894fcfee8a8422ca191ccd87f641eb8befcf0 (patch)
tree: 503b19478f05ca2433082a3c9838e0c6ae401772 /policy.csv
parent: 80f1b83544b3482cbcdab8cdf521a92f2afdfa16 (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/policy.csv b/policy.csv
index e662398a..ce661d95 100644
--- a/policy.csv
+++ b/policy.csv
@@ -1,8 +1,11 @@
-p, "\A[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}\z", api.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /*
+p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}\z", api.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /*.json
 p, *, *, (GET)|(HEAD), /health
 p, *, *, GET, /.well-known/*
-p, *, idp.example.com, (GET)|(POST), /oauth/*
-p, *, idp.example.com, (GET)|(POST), /saml/*
-p, *, ui.example.com, (GET)|(POST), /oauth/*
-p, *, ui.example.com, (GET)|(POST), /saml/*
-p, 71cbc18e-bd41-4229-9ad2-749546a2a4a7, *, *, /*
+p, *, *, GET, /favicon.ico
+p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}\z", idp.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /twirp/authx.rpc.*
+p, *, idp.example.com, (GET)|(POST), /oauth*
+p, *, idp.example.com, (GET)|(POST), /saml*
+p, *, idp.example.com, (GET)|(POST), /sessions*
+p, *, ui.example.com, (GET)|(POST), /oauth*
+p, *, ui.example.com, (GET)|(POST), /oidc*
+p, *, ui.example.com, (GET)|(POST), /saml*
author	mo khan <mo@mokhan.ca>	2025-03-15 15:20:53 -0600
committer	mo khan <mo@mokhan.ca>	2025-03-15 15:20:53 -0600
commit	b27894fcfee8a8422ca191ccd87f641eb8befcf0 (patch)
tree	503b19478f05ca2433082a3c9838e0c6ae401772 /policy.csv
parent	80f1b83544b3482cbcdab8cdf521a92f2afdfa16 (diff)