Add /auth endpoint

[seallard]

Description

Add /auth endpoint. A step in supporting the authorization code flow, see docs. The documentation describes the entire flow, this PR implements Step 5: Exchange authorization code for refresh and access tokens.

This endpoint will be used when a user signs in via Google to exchange the resulting authorization code for a refresh and access token. We can likely extract this service in the future, added to backlog here https://github.com/Clinical-Genomics/cg/issues/3027.

Closes https://github.com/Clinical-Genomics/streamline-delivery/issues/58. The goal is to ensure users in Cigrid do not have to re-login during the workday.

The new components:

• Authentication service: contains logic for authentication
• Encryption service: contains logic for encrypting data
• Google OAuth client: web API client for Googles OAuth endpoints
• Google API client: web API client for Googles API
• New column refresh_token in user table

The authentication service does the following

1. Exchange the authorization code for an access token and refresh token via the Google OAuth client
2. Use the access token to retrieve the users email via the Google API client
3. Retrieve the user with matching email from the database if it exists
4. Encrypt the refresh token and store it on the user
5. Return the access token

This logic is exposed via the /auth endpoint.

Added

• /auth endoint

[sonarcloud[bot]]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud