updated the docs, removed oauth and introduced sanctum pat

This commit is contained in:
Codex Agent
2025-11-07 07:47:25 +01:00
parent 67affd3317
commit 9cc9950b0c
16 changed files with 153 additions and 503 deletions


@@ -9,8 +9,8 @@
## 2025 Hardening Priorities
- **Identity & OAuth***Owner: Backend Platform*
Track JWT key rotation via `oauth:rotate-keys`, roll out dual-key support (old/new KID overlap), surface refresh-token revocation tooling, and extend IP/device binding rules for long-lived sessions. See `docs/deployment/oauth-key-rotation.md` for the rotation playbook. Filament now offers a refresh-token console with per-device revocation and audit history.
- **Identity & Token Management***Owner: Backend Platform*
Track Sanctum PAT issuance and revocation. Provide tooling to list/revoke active PATs per tenant admin and document forced re-login procedures for compromised devices.
- **Guest Join Tokens***Owner: Guest Platform*
Hash stored join tokens, add anomaly metrics (usage spikes, stale tokens), and tighten gallery/photo rate limits with visibility in storage dashboards. Join-token access is now logged to `event_join_token_events` with summaries surfaced in the Event admin modal.
- **Public API Resilience***Owner: Core API*
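Review bot: the replacement "Identity & Token Management" bullet loses the concrete operational detail the removed "Identity & OAuth" bullet carried: the old text named a command (`oauth:rotate-keys`), a playbook path (`docs/deployment/oauth-key-rotation.md`) and a Filament console with per-device revocation and audit history, while the new text only says "Track Sanctum PAT issuance and revocation" and "Provide tooling to list/revoke active PATs per tenant admin". Suggest naming the PAT list/revoke tooling (or its planned command and doc path, marked TODO if it does not exist yet) and stating whether revocations keep an audit history, since that capability was part of the bullet being removed and the "forced re-login procedures for compromised devices" will depend on it. Minor style point on the same line: "**Identity & Token Management***Owner: Backend Platform*" closes the bold and opens the italic with no separator, matching the pre-existing bullets in the file, so if the heading/owner layout is fixed it should be fixed for all bullets together rather than only here.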