API authorization - Githubissues

CanDIG / rnaget_service

Implementation of GA4GH rnaget API

GNU General Public License v3.0

1 stars 2 forks source link

API authorization #8

Open alipski opened 5 years ago

alipski commented 5 years ago

The security component of the API remains to be implemented. A basic API key / oauth2 authorization flow should be put in place to prepare the service to be demoed in the context of a secure infrastructure.

OpenAPI spec has security parts commented out. Uncomment and implement according to latest GA4GH schemas.
POST endpoints should be access-controlled

alipski commented 5 years ago

So far authorization works using an external gateway (Tyk) to validate api keys and apply resource access grants. Works in context of CanDIG but not as a standalone service so it's not ideal