From b27894fcfee8a8422ca191ccd87f641eb8befcf0 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Sat, 15 Mar 2025 15:20:53 -0600
Subject: refactor: authorize unsigned JWT in requests

---
 policy.csv | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'policy.csv')

diff --git a/policy.csv b/policy.csv
index e662398..ce661d9 100644
--- a/policy.csv
+++ b/policy.csv
@@ -1,8 +1,11 @@
-p, "\A[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}\z", api.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /*
+p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}\z", api.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /*.json
 p, *, *, (GET)|(HEAD), /health
 p, *, *, GET, /.well-known/*
-p, *, idp.example.com, (GET)|(POST), /oauth/*
-p, *, idp.example.com, (GET)|(POST), /saml/*
-p, *, ui.example.com, (GET)|(POST), /oauth/*
-p, *, ui.example.com, (GET)|(POST), /saml/*
-p, 71cbc18e-bd41-4229-9ad2-749546a2a4a7, *, *, /*
+p, *, *, GET, /favicon.ico
+p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}\z", idp.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /twirp/authx.rpc.*
+p, *, idp.example.com, (GET)|(POST), /oauth*
+p, *, idp.example.com, (GET)|(POST), /saml*
+p, *, idp.example.com, (GET)|(POST), /sessions*
+p, *, ui.example.com, (GET)|(POST), /oauth*
+p, *, ui.example.com, (GET)|(POST), /oidc*
+p, *, ui.example.com, (GET)|(POST), /saml*
-- 
cgit v1.2.3