Issue #6: implement api key hashing and verification
@@ -589,6 +589,20 @@ The gateway should split the key into a stable key id and secret component,
|
||||
load the key record by id, hash the presented secret, and compare using a
|
||||
constant-time comparison.
|
||||
|
||||
`ApiKeyParser` accepts only `authorization: Bearer mxgw_<key-id>_<secret>`.
|
||||
Malformed headers fail before any database lookup. The parsed raw secret is
|
||||
kept only long enough for `ApiKeySecretHasher` to compute an HMAC-SHA256 hash
|
||||
using the configured `Authentication:PepperSecretName` lookup in application
|
||||
configuration. The raw secret is not stored in the auth database, identity
|
||||
model, logs, or verification result.
|
||||
|
||||
`ApiKeyVerifier` loads the stored key record by key id, rejects revoked keys,
|
||||
hashes the presented secret, and compares the stored and presented hashes with
|
||||
`CryptographicOperations.FixedTimeEquals`. A successful verification returns an
|
||||
`ApiKeyIdentity` with key id, key prefix, display name, and scopes. Failure
|
||||
results distinguish malformed credentials, missing keys, revoked keys, missing
|
||||
pepper configuration, and hash mismatch for internal authorization handling.
|
||||
|
||||
Recommended scopes:
|
||||
|
||||
- `session:open`
|
||||
|
||||
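Review bot: The `ApiKeyParser` paragraph gives the format `mxgw_<key-id>_<secret>` but does not state the allowed characters or lengths of the key id and secret, so the split is ambiguous if either part may contain `_`. Document the alphabet and length of each part and say at which underscore the parser splits. In the `ApiKeyVerifier` paragraph, the failure results are described as "for internal authorization handling"; state explicitly that missing key, revoked key and hash mismatch all map to the same client-facing response, and say whether the missing-key and revoked-key paths skip the HMAC step, since the described order (load record, reject revoked, then hash) makes those paths return faster than a mismatch. The phrase "`Authentication:PepperSecretName` lookup in application configuration" should also say whether that setting holds the pepper itself or the name of a secret resolved elsewhere.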