Access Management needs to require authenticated users and systems when calling API or accessing API.
The login should be based on the JWTCookie method created for Altinn 3
We need to support
User logged in through the portal having av JWT Cookie created by the authentication component
Consideration
Frontend needs to verify if a user is logged in.
[ ] Call API endpoint to verify if a user is logged in.
[ ] If not logged in an Altinn JWT Token should be created
Requirement
All APIs should require login
Support both JWT token and JWT cookie
Requires XSRF protection when a cookie is used
Redirects user to default login when not logged in (Altinn 2)
Task
[x] Setup Authentication in Access Managment. Look at receipt /apps for inspiration. We should be able to use the common authentication package create for altinn 3. Nuget info
[x] Expose Authentication Refresh API. Look at App template how this is done.
[x] Enable authentication for one existing API.
[x] Update unit test to use token/cookie for this API.
[x] Enable authentication for home controller with redirect to authentication with enough return information
[x] Add the possibility in swagger to send in authentication token
TheTechArch
commented
1 year ago
Description
Access Management needs to require authenticated users and systems when calling API or accessing API.
The login should be based on the JWTCookie method created for Altinn 3
We need to support
Consideration
Frontend needs to verify if a user is logged in.
Requirement
Task