FDN-4546: Apply jwt.salt fallback to all JWT_SALT config lookups

[gheine]

Summary

• Apply the jwt.salt with JWT_SALT fallback pattern to AuthorizationImpl and AuthHeaders, matching the change already made in FlowActionInvokeBlockHelper
• Update AuthorizationSpec test helper to reference jwt.salt as the preferred config key
• Update AuthHeaders docstring to document both config keys

Test plan

• sbt test passes — all existing JWT auth tests continue to work with JWT_SALT via fallback
• Services using jwt.salt config will now work across all three JWT lookup sites

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added support for an optional JWT salt configuration with a fallback to the existing setting, preserving backward compatibility.

• Documentation

  • Updated configuration docs to reflect both the new optional key and the legacy fallback.

• Tests

  • Updated test suite to cover the new configuration fallback behavior.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d5b61bf and 7a390ff.

📒 Files selected for processing (3)

• lib/app/io/flow/play/controllers/Authorization.scala
• lib/app/io/flow/play/util/AuthHeaders.scala
• lib/test/io/flow/play/controllers/AuthorizationSpec.scala

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/app/io/flow/play/util/AuthHeaders.scala

---

📝 Walkthrough

Walkthrough

Try an optional jwt.salt configuration key first and fall back to the legacy JWT_SALT if absent; code and tests updated so the resolved salt is config.optionalString("jwt.salt").getOrElse(config.requiredString("JWT_SALT")).

Changes

Cohort / File(s)	Summary
JWT salt resolution lib/app/io/flow/play/controllers/Authorization.scala, lib/app/io/flow/play/util/AuthHeaders.scala	Initialize jwtSalt by checking config.optionalString("jwt.salt") and falling back to config.requiredString("JWT_SALT"); comments/docs updated to mention both keys.
Tests lib/test/io/flow/play/controllers/AuthorizationSpec.scala	Test helper default salt changed to mockConfig.optionalString("jwt.salt").getOrElse(mockConfig.requiredString("JWT_SALT")) to match new resolution order.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: applying a jwt.salt fallback pattern to all JWT_SALT config lookups across multiple components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

lib/test/io/flow/play/controllers/AuthorizationSpec.scala (1)

20-26: ⚠️ Potential issue | 🔴 Critical

Fix test helper to use fallback pattern for JWT salt configuration.

The test helper calls mockConfig.requiredString("jwt.salt") but MockConfig only provides the legacy key "JWT_SALT" (see MockConfig.scala line 33). This will cause the test to fail at runtime with a missing configuration error.

Either update MockConfig to include "jwt.salt", or match the production code pattern by using mockConfig.optionalString("jwt.salt").getOrElse(mockConfig.requiredString("JWT_SALT")) in the test helper.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/test/io/flow/play/controllers/AuthorizationSpec.scala` around lines 20 -
26, The test helper createJWTHeader currently calls
mockConfig.requiredString("jwt.salt") which fails because MockConfig only
exposes the legacy "JWT_SALT"; change the call to use the same fallback pattern
as production: call
mockConfig.optionalString("jwt.salt").getOrElse(mockConfig.requiredString("JWT_SALT"))
to retrieve the salt, then use that value when encoding the token in
createJWTHeader so tests won’t crash due to a missing "jwt.salt" key.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@lib/test/io/flow/play/controllers/AuthorizationSpec.scala`:
- Around line 20-26: The test helper createJWTHeader currently calls
mockConfig.requiredString("jwt.salt") which fails because MockConfig only
exposes the legacy "JWT_SALT"; change the call to use the same fallback pattern
as production: call
mockConfig.optionalString("jwt.salt").getOrElse(mockConfig.requiredString("JWT_SALT"))
to retrieve the salt, then use that value when encoding the token in
createJWTHeader so tests won’t crash due to a missing "jwt.salt" key.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 856b835 and 0cb9b39.

📒 Files selected for processing (3)

• lib/app/io/flow/play/controllers/Authorization.scala
• lib/app/io/flow/play/util/AuthHeaders.scala
• lib/test/io/flow/play/controllers/AuthorizationSpec.scala

[flow-tech]

Click here for code coverage report: https://jenkins.flo.pub/job/flowcommerce/job/lib-play/job/PR-645/3/scoverage-report/

[flow-tech]

Click here for code coverage report: https://jenkins.flo.pub/job/flowcommerce/job/lib-play/job/PR-645/4/scoverage-report/