Access Management needs to require authenticated users and systems when calling API or accessing API.
The login should be based on the JWTCookie method created for Altinn 3
We need to support
User logged in through the portal having av JWT Cookie created by the authentication component
Consideration
Frontend needs to verify if a user is logged in.
[ ] Call API endpoint to verify if a user is logged in.
[ ] If not logged in an Altinn JWT Token should be created
Requirement
All APIs should require login
Support both JWT token and JWT cookie
Requires XSRF protection when a cookie is used
Redirects user to default login when not logged in (Altinn 2)
Task
[x] Setup Authentication in Access Managment. Look at receipt /apps for inspiration. We should be able to use the common authentication package create for altinn 3. Nuget info
[x] Expose Authentication Refresh API. Look at App template how this is done.
[x] Enable authentication for one existing API.
[x] Update unit test to use token/cookie for this API.
[x] Enable authentication for home controller with redirect to authentication with enough return information
[x] Add the possibility in swagger to send in authentication token
Description
Access Management needs to require authenticated users and systems when calling API or accessing API.
The login should be based on the JWTCookie method created for Altinn 3
We need to support
Consideration
Frontend needs to verify if a user is logged in.
Requirement
Task