Subversion Repositories oidplus

Compare Revisions

Rev 1304 → Rev 1305

/trunk/doc/config_values.md
323,12 → 323,6
This is used for performance analysis.
Please choose a directory that cannot be accessed by world-wide.
 
### SESSION_LIFETIME
 
OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60);
 
Session lifetime in seconds.
 
### OBJECT_CACHING
 
OIDplus::baseConfig()->setValue('OBJECT_CACHING', true);
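Review bot: Removing the `### SESSION_LIFETIME` section leaves no pointer for installations whose configuration still calls `setValue('SESSION_LIFETIME', 30*60)`. Suggest keeping a short entry that marks the setting as removed in this revision and names the setting that now bounds login lifetime, so an operator who relied on the 30-minute value knows it no longer applies.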
662,13 → 656,13
 
OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true);
 
Allow "Remember me" logins for the administrator account.
Allow browser logins for the administrator account.
 
### JWT_ALLOW_LOGIN_USER
OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true);
 
Allow "Remember me" logins for a RA.
Allow browser logins for a RA.
 
### JWT_ALLOW_MANUAL_ADMIN and JWT_ALLOW_MANUAL_ADMIN_USER
 
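Review bot: In the `JWT_ALLOW_LOGIN_ADMIN` and `JWT_ALLOW_LOGIN_USER` descriptions, "Allow browser logins" now reads as a switch over every browser login rather than an opt-in feature, yet the text does not say what remains available when the value is `false`. Suggest one sentence per setting stating the consequence of `false`. While touching this section, the context heading `JWT_ALLOW_MANUAL_ADMIN and JWT_ALLOW_MANUAL_ADMIN_USER` does not follow the `_ADMIN` / `_USER` naming of the settings above it and is worth checking against the code.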
677,13 → 671,13
 
Allow JWT tokens which were manually created "by hand".
These can have any content you like, but they must
contain the claim `oidplus_generator` with value `OIDplusAuthContentStoreJWT::JWT_GENERATOR_MANUAL`.
contain the claim `OIDplusAuthContentStoreJWT::CLAIM_GENERATOR` with value `OIDplusAuthContentStoreJWT::JWT_GENERATOR_MANUAL`.
 
### JWT_TTL_LOGIN_USER
OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60);
 
How many seconds will a "remember me" login JWT token be valid?
How many seconds will a login JWT token be valid?
(RA login)
 
### JWT_TTL_LOGIN_ADMIN
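Review bot: The manual-token paragraph now names the claim only as `OIDplusAuthContentStoreJWT::CLAIM_GENERATOR`, so a reader building a token by hand, who is the audience of this paragraph, can no longer take the literal claim name from the documentation (the earlier wording gave `oidplus_generator`). Suggest stating the constant together with its string value, and likewise the value behind `JWT_GENERATOR_MANUAL`.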
690,7 → 684,7
 
OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60);
 
How many seconds will a "remember me" login JWT token be valid?
How many seconds will a login JWT token be valid?
(Administrator login)
 
 
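Review bot: With the "remember me" qualifier dropped from the `JWT_TTL_LOGIN_ADMIN` description, the example value `10*365*24*60*60` (ten years) now describes every administrator browser login. Suggest the description state that this value is the longest a leaked or forgotten token stays usable, and recommend a shorter value for the administrator account or point to how an issued token is invalidated. The same applies to `JWT_TTL_LOGIN_USER`, which carries the same example value.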
/trunk/doc/developer_notes/auth_methods.md
6,8 → 6,7
JWT Bound to JWT accepted Outputs JWT CSRF Disabled /
Login method Handling Generator client IP? Request types Exception? OriginHeaders
-----------------------------------------------------------------------------------------------------------------------------------
Browser login (regular) PHP Session n/a Yes n/a n/a No
Browser login ("remember me") JWT 1 No COOKIE No (Silent) No
Browser login JWT 1 No COOKIE No (Silent) No
Automated AJAX call JWT 0 No GET/POST Yes Only ajax.php with GET/POST
Manually created JWT token JWT 2 No GET/POST/COOKIE Only via GET/POST Only ajax.php with GET/POST
-----------------------------------------------------------------------------------------------------------------------------------
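Review bot: The row dropped from this table, "Browser login (regular)", was the only one with "Yes" under "Bound to client IP?"; the remaining "Browser login" row shows "No". Suggest a sentence below the table stating that the login cookie is now a bearer credential not tied to the client address, and what (if anything) replaces that binding, so the change in protection is documented rather than implied by a deleted row.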
/trunk/doc/developer_notes/class_diagram.drawio
1,6 → 1,6
<mxfile host="app.diagrams.net" modified="2023-05-31T21:45:09.782Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" etag="5xBcap5hzl0EHfQwSl1m" version="21.2.3" type="device">
<mxfile host="app.diagrams.net" modified="2023-06-18T14:03:18.533Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" etag="BAydY3SgsdXEhg0DZ7MD" version="21.3.7" type="device">
<diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">
<mxGraphModel dx="4921" dy="1255" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
<mxGraphModel dx="4555" dy="1067" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
<root>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-0" />
<mxCell id="WIyWlLk6GJQsqaUBKTNV-1" parent="WIyWlLk6GJQsqaUBKTNV-0" />
492,21 → 492,9
<mxPoint x="810" y="340" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="Byxuzqwyhnfv62GrUFNm-0" value="OIDplusAuthContentStore" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;fontStyle=2" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxCell id="Byxuzqwyhnfv62GrUFNm-0" value="OIDplusAuthContentStoreJWT" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="1560" y="441" width="200" height="40" as="geometry" />
</mxCell>
<mxCell id="Byxuzqwyhnfv62GrUFNm-9" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="WIyWlLk6GJQsqaUBKTNV-1" source="Byxuzqwyhnfv62GrUFNm-1" target="Byxuzqwyhnfv62GrUFNm-0" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="Byxuzqwyhnfv62GrUFNm-1" value="OIDplusAuthContentStoreJWT" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="1670" y="545" width="200" height="40" as="geometry" />
</mxCell>
<mxCell id="Byxuzqwyhnfv62GrUFNm-8" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="WIyWlLk6GJQsqaUBKTNV-1" source="Byxuzqwyhnfv62GrUFNm-3" target="Byxuzqwyhnfv62GrUFNm-0" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="Byxuzqwyhnfv62GrUFNm-3" value="OIDplusAuthContentStoreSession" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="1440" y="546" width="200" height="40" as="geometry" />
</mxCell>
<mxCell id="Byxuzqwyhnfv62GrUFNm-10" value="&amp;lt;&amp;lt;uses&amp;gt;&amp;gt;" style="endArrow=open;dashed=1;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=0.75;exitY=1;exitDx=0;exitDy=0;endFill=0;" parent="WIyWlLk6GJQsqaUBKTNV-1" source="HaJfKRJEYKdRmyHm2M7B-3" target="Byxuzqwyhnfv62GrUFNm-0" edge="1">
<mxGeometry x="0.796" y="2" width="50" height="50" relative="1" as="geometry">
<mxPoint x="1154" y="287" as="sourcePoint" />
/trunk/doc/developer_notes/class_diagram.png
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/trunk/doc/developer_notes/server_secret.md
31,7 → 31,7
 
System / Core:
- Auth content Store (OIDplusAuthContentStoreJWT.class.php):
Key to sign JWT tokens (used for Automated AJAX requests, REST API and logins with "Remember me")
Key to sign JWT tokens (used for Automated AJAX requests, REST API and web browser logins)
* If a private/public key pair exists: Sign the JWT using that private key.
* Otherwise sign it using PBKDF2+HMAC:
`JWT = HS512(hash_pbkdf2("sha512", OIDplus::authUtils()->makeSecret(["0be35e52-f4ef-11ed-b67e-3c4a92df8582"]), "", 10000, 64/*256bit*/, false))`
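Review bot: The changed line widens this key's scope from "Remember me" logins to all web browser logins, but the bullets under it do not say what happens to already issued tokens when the key pair or the server secret changes. Suggest adding one line stating that replacing either one invalidates every outstanding login token, since that is what an operator needs to know before rotating. Separately, the context line passes an empty salt (`""`) to `hash_pbkdf2`; a short remark on why that is acceptable here (presumably the UUID given to `makeSecret` provides the domain separation) would save the next reader the question.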