Use different JWT secret for auth and refresh tokens..

2020-06-15 16:51:37 +02:00
parent 11740e5986
commit 7c364c7295
3 changed files with 8 additions and 6 deletions
@@ -29,21 +29,21 @@ val configurationModule = Kodein.Module(name = "Configuration") {

 data class DatabaseConfig(val host: String, val port: Int, val name: String, val username: String, val password: Masked)
 data class ServerConfig(val host: String, val port: Int, val cors: Boolean)
-data class JwtConfig(val secret: Masked, val auth: JwtValidity, val refresh: JwtValidity)
-data class JwtValidity(val validity: Long, val unit: TimeUnit)
+data class JwtConfig(val auth: Jwt, val refresh: Jwt)
+data class Jwt(val validity: Long, val unit: TimeUnit, val secret: Masked)
 data class Config(val database: DatabaseConfig, val server: ServerConfig, val jwt: JwtConfig)


 private fun configureAuthJwt(kodein: Kodein): SimpleJWT {
    val config by kodein.instance<Config>()
-    val jwtSecret = config.jwt.secret
+    val jwtSecret = config.jwt.auth.secret
    val authConfig = config.jwt.auth
    return SimpleJWT(jwtSecret.value, authConfig.validity, authConfig.unit)
 }

 private fun configureRefreshJwt(kodein: Kodein): SimpleJWT {
    val config by kodein.instance<Config>()
-    val jwtSecret = config.jwt.secret
+    val jwtSecret = config.jwt.refresh.secret
    val refreshConfig = config.jwt.auth
    return SimpleJWT(jwtSecret.value, refreshConfig.validity, refreshConfig.unit)
 }