LEAR API calls should verify Keycloak token - Githubissues

bcgov / entity

ServiceBC Registry Team working on Legal Entities

Apache License 2.0

23 stars 58 forks source link

LEAR API calls should verify Keycloak token #1079

Open severinbeauvais opened 5 years ago

severinbeauvais commented 5 years ago

Keycloak Token Verification

Description:

Some LEAR API calls do not verify the KC token before returning data and are therefore insecure. (The Filings API call appears to check the token -- the call fails if the token has expired.)
The Filings API call fails incorrectly ("CORS error") when the provided KC token has expired.

Ready to Build (DoR):

[ ] Stakeholders have approved
[ ] User story completed
[ ] What are the dependencies
[ ] Acceptance criteria has been defined (happy path, known sad paths)
[ ] Validation rules defined (UI, Data, Role-Action)
[ ] Is a formal UAT required

Acceptance / DoD:

[ ] Design / Solution accepted by Product Owner
[ ] Test coverage acceptable
[ ] Peer Reviewed
[ ] Accessibility reviewed and acceptable checklist
[ ] UX Approved
[ ] PR Accepted
[ ] Production burn in completed

severinbeauvais commented 4 years ago

@thor Is this ticket resolved now?