Background
As part of adding an Auth0 auth layer to the data store, we will be decorating a set of API endpoints with a security decorator that indicates what type of action the endpoint is (CRUD).
The decorator will use this information, together with JWT, and information passed to the decorated function (UUID/resource, etc.), to determine what the user is permitted to do.
Files Affected
The security check for each type of action will ultimately be handled in the Auth0 class in dss/util/auth/auth0.py.
This class defines _create() _read() _update() _delete() methods. Each API endpoint will indicate which of the four types of operation it is. So a call to PUT /bundles/<uuid> would map to a put() function in dss.api.bundles. That function would be decorated with a security decorator that indicates it is a create operation. Then the security check that would be called would be the _create() method of the Auth0 class in dss.util.auth.
The security decorators are added to each API endpoint that needs auth in dss/api/{files,bundles,*}.py
From the scripts/swagger_auth.py script we can get a set of API endpoints that will be protected:
Work to be Done
Implement the security checks as follows:
Create:
Read:
Update:
Delete:
Related Issues
Relates to Auth0 FLAC user stories #93
Definition of Done
These security checks are implemented in the Auth0 class in dss/util/auth/auth0.py.
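A sketch of the dispatch described under Files Affected, added here as an example and not code from the dss repository: a security decorator tags an endpoint with its CRUD action and calls the matching Auth0 method before the endpoint runs. The claim layout, the current_claims context variable, the check() helper and the Forbidden exception are assumptions, and the JWT is assumed to have been verified already.

```python
import contextvars
import functools

# Assumption: stand-in for the request context, holding verified JWT claims.
current_claims = contextvars.ContextVar("current_claims", default=None)


class Forbidden(Exception):
    """Raised when the security check denies the call."""


class Auth0:
    """Hypothetical sketch of the class in dss/util/auth/auth0.py."""

    def __init__(self, claims):
        self.claims = claims or {}

    def _granted(self, action, uuid):
        # Assumed claim layout: {"permissions": {"read": ["<uuid>", "*"]}}
        allowed = self.claims.get("permissions", {}).get(action, [])
        return uuid is not None and ("*" in allowed or uuid in allowed)

    # One method per CRUD action; the real policy for each goes here.
    def _create(self, uuid=None, **_): return self._granted("create", uuid)
    def _read(self, uuid=None, **_): return self._granted("read", uuid)
    def _update(self, uuid=None, **_): return self._granted("update", uuid)
    def _delete(self, uuid=None, **_): return self._granted("delete", uuid)

    def check(self, action, **kwargs):
        if action not in ("create", "read", "update", "delete"):
            return False  # fail closed on an unknown action
        return getattr(self, "_" + action)(**kwargs)


def security(action):
    """Decorator: run the Auth0 check for `action` before the endpoint."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            # Missing claims or a missing uuid keyword both end in a denial.
            if not Auth0(current_claims.get()).check(action, **kwargs):
                raise Forbidden(f"{action} denied for {func.__name__}")
            return func(*args, **kwargs)
        return wrapper
    return decorator


@security("create")
def put(uuid):  # stands in for put() in dss.api.bundles
    return f"created {uuid}"
```
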