Background
After #3 (creating an account on Auth0), we now need to secure our API using these new permissions.
Detail
With our development keys, we will want to implement a tiered auth system for access to the API. This should be integrated into our OpenAPI standard and the keys should be kept secure.
Requirements
R1: Our auth is defined in the OpenAPI standard in the code.
R2: The API is protected by auth.
R1 In-Depth
The .yaml specification in the backend repo should have the auth defined so that it can be easily attached to new routes as they are created.
NOTE
The developer should ensure that the auth is then properly handled by the generated code. Otherwise, we may have to manually implement usage.
R2 In-Depth
Now, we need to ensure that this is working as intended. This will most likely mean attaching a required permission to a test route and successfully hitting that route with a user.
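One way the spec for R1 and the test route for R2 could look, as an added sketch that is not taken from the backend repo. The scheme name `auth0`, the permission names, the `/test` path and the `YOUR_TENANT` domain are all assumptions or placeholders.

```yaml
# Added example: every name here is an assumption, not the project's own spec.
openapi: 3.0.3
info:
  title: Example API
  version: 0.1.0
components:
  securitySchemes:
    auth0:                        # hypothetical scheme name, reused by every route
      type: oauth2
      flows:
        authorizationCode:
          # YOUR_TENANT is a placeholder for the Auth0 tenant domain
          authorizationUrl: https://YOUR_TENANT.auth0.com/authorize
          tokenUrl: https://YOUR_TENANT.auth0.com/oauth/token
          scopes:                 # one entry per tier (hypothetical permissions)
            "read:test": Lowest tier, read-only access
            "write:test": Higher tier, may modify resources
  responses:
    Unauthorized:
      description: Missing or invalid access token
    Forbidden:
      description: Token is valid but lacks the required permission
# Default for all routes: a valid token is required, no specific permission.
# A new route is protected as soon as it is added, without repeating this block.
security:
  - auth0: []
paths:
  /test:                          # hypothetical test route for R2
    get:
      summary: Route used to verify that permissions are enforced
      security:
        - auth0: ["read:test"]    # overrides the default with a required permission
      responses:
        "200":
          description: Caller holds read:test
        "401":
          $ref: "#/components/responses/Unauthorized"
        "403":
          $ref: "#/components/responses/Forbidden"
```

The spec only declares the requirement. For R2, check that the generated code returns 401 with no token and 403 with a token that lacks `read:test`, not only 200 for a permitted user.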