We currently allow access to the app to anyone with a Turing Azure AD account (see issue #44). For querying the Harvest and GitHub APIs it uses tokens from Jack's accounts, passed into the Azure app service as environment variables from a key vault.
This is ok while the app is read-only, but even then it is not ideal as it uses Jack's Harvest credentials.
In the longer term, we need to consider:
How we want to authenticate with GitHub and Harvest. In my (Jack's) opinion we probably want the app to be more open (i.e. viewable by more people) than GitHub and Harvest, so I would suggest using tokens from some Hut23 admin account.
How/whether this changes once it's possible to make edits from the app.
How/whether this changes if/when we're no longer relying on Harvest as a back-end.