This PR changes the way that requests are authorized with Keycloak. Requests must contain a keycloak token from the BCTW or SIMS service accounts (this can be expanded if needed by other services). For auditing purposes, the username and keycloak_guid of the user making the call must be sent with the request in the 'user' header.
This PR changes the way that requests are authorized with Keycloak. Requests must contain a keycloak token from the BCTW or SIMS service accounts (this can be expanded if needed by other services). For auditing purposes, the username and keycloak_guid of the user making the call must be sent with the request in the 'user' header.