auburnonlinecs / reviews-api

The API specification and implementation for the course reviews web application.
MIT License

Implement Auth #4

Open cj6046 opened 5 months ago

cj6046 commented 5 months ago

Background

After #3 (creating an account on Auth0), we now need to secure our API using these new permissions.

Detail

With our development keys, we will want to implement a tiered auth system for access to the API. This should be integrated into our OpenAPI standard and the keys should be kept secure.

Requirements

R1: Our auth is defined in the OpenAPI standard in the code.

R2: The API is protected by auth.

R1 In-Depth

The .yaml specification in the backend repo should have the auth defined so that it can be easily attached to new routes as they are created.


NOTE

The developer should ensure that the auth is then properly handled by the generated code. Otherwise, we may have to manually implement usage.


R2 In-Depth

Now, we need to ensure that this is working as intended. This will most likely mean attaching a required permission to a test route and successfully hitting that route with a user.

cj6046 commented 5 months ago

This issue is blocked by #1

This issue is blocked by #3
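Added example, not part of the issue or the project's code: a check a CI job could run against the spec to confirm R1 and R2, flagging any route whose operation has no enforced security requirement or no required permission. The spec is a constructed Python dict standing in for the loaded .yaml file; the scheme name `auth0`, the routes, the permission names and the placeholder URL are all assumptions, as is the policy that every non-public route must name at least one permission.

```python
# Added example: constructed spec with hypothetical scheme, route and permission names.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {
        "auth0": {"type": "openIdConnect",  # placeholder tenant URL
                  "openIdConnectUrl": "https://TENANT.example/.well-known/openid-configuration"}}},
    "paths": {
        "/auth-test": {"get": {"security": [{"auth0": ["read:reviews"]}]}},
        "/reviews": {
            "get": {"security": [{"auth0": ["read:reviews"]}]},
            "post": {},                                # nothing set, no global default
            "delete": {"security": [{"auth0": []}]},   # token required, but no permission tier
        },
        "/health": {"get": {"security": []}},          # empty list explicitly disables auth
        "/legacy": {"get": {"security": [{"apiKey": []}]}},  # scheme never defined
    },
}

def audit_security(spec, public=frozenset()):
    """Return sorted (operation, problem) findings for routes lacking enforced auth."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    default = spec.get("security")  # top-level requirement, inherited if an operation sets none
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            name = f"{method.upper()} {path}"
            if method not in HTTP_METHODS or name in public:
                continue
            reqs = op.get("security", default)
            if not reqs:
                findings.append((name, "no security requirement"))
                continue
            for req in reqs:  # alternatives: satisfying any one entry grants access
                if not req:
                    findings.append((name, "anonymous access allowed"))
                for scheme, scopes in req.items():
                    if scheme not in schemes:
                        findings.append((name, f"undefined scheme {scheme}"))
                    elif not scopes:
                        findings.append((name, "no permission required"))
    return sorted(findings)

if __name__ == "__main__":
    for name, problem in audit_security(SPEC, public={"GET /health"}):
        print(f"{name}: {problem}")
```

A spec-level check only shows that auth is declared; hitting the test route with and without a permitted user, as R2 describes, is still what shows the generated code enforces it.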