Open pbastia opened 4 months ago
To consider when implementing this: https://python-keycloak.readthedocs.io/en/latest/modules/openid_client.html
@pbastia @Sepehr-Sobhani Is this related to or potentially part of bcgov/cas-coam#6?
Description:
As a developer, I want the backend to have access to the entire JWT claims, so that I can perform additional security and access validations.
This will allow the backend (and existing middlewares) to also validate roles and implement RBAC.
Acceptance Criteria:
Given When Then
Development Checklist:
Definition of Ready (Note: If any of these points are not applicable, mark N/A)
Definition of Done (Note: If any of these points are not applicable, mark N/A)
Notes:
Dependencies