DISCOOS / sar-status-api

API webapp for SAR-Status
https://sar-status-api.herokuapp.com
BSD 2-Clause "Simplified" License

express-accesstoken-validation should be correctly implemented #9

Open stianmorsund opened 7 years ago

stianmorsund commented 7 years ago

The version of express-accesstoken-validation (https://www.npmjs.com/package/express-accesstoken-validation) in use is directly cloned in /server/bin, because of small changes to the source. Should be forked or simply implemented directly in the source code. Or deleted altogether if/when the API generates its own tokens (see Issue #2).

The only place it is used is in this file: https://github.com/DISCOOS/sar-status-api/blob/master/server/boot/token.js

kengu commented 7 years ago

We should replace our custom access token with a standard solution for authentication, authorization and permissions (ACL). Loopback has support for Passport and built-in support for user registration and management. This allows us to enable registration and login using Facebook, Google etc. as a bonus. Passport also supports custom authentication strategies, so we still could support Kova. This, however, should be implemented as a separate node module in another repo, using Loopback connectors to delegate the user models to Kova.