Some LEAR API calls do not verify the Keycloak (KC) token before returning data and are therefore insecure. (The Filings API call appears to check the token: the call fails if the token has expired.)
The Filings API call fails incorrectly ("CORS error") when the provided KC token has expired.
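The two behaviours asked for above, as an added sketch that is not LEAR's own code: every route passes through one token check before any data is returned, and a rejected token produces a 401 that still carries CORS headers. Assumptions: HS256 with a shared key stands in for Keycloak's signature verification, the route names and origin are hypothetical, and the "CORS error" is assumed to come from an error response sent without CORS headers.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; stand-in for Keycloak's signing key
CORS = {"Access-Control-Allow-Origin": "https://app.example"}  # hypothetical origin

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=SECRET):
    """Build a constructed HS256 sample token for the demo."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_token(token, now=None):
    """Return the claims, or raise ValueError naming why the token is rejected."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(unb64url(head)), json.loads(unb64url(body)), unb64url(sig)
        alg, exp = header["alg"], claims["exp"]
    except Exception:
        raise ValueError("malformed token") from None
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims  # a real service would also check issuer and audience

# Hypothetical routes; only the Filings call is named on the page.
ROUTES = {"/filings": lambda c: {"filings": []}, "/businesses": lambda c: {"businesses": []}}

def handle(path, headers, now=None):
    """Verify the token before any route runs; every response carries CORS headers."""
    if path not in ROUTES:
        return 404, dict(CORS), {"error": "not found"}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    try:
        if scheme.lower() != "bearer":
            raise ValueError("missing bearer token")
        claims = verify_token(token, now)
    except ValueError as err:
        return 401, {**CORS, "WWW-Authenticate": "Bearer"}, {"error": str(err)}
    return 200, dict(CORS), ROUTES[path](claims)
```

With the CORS header present on the 401, a browser client can read the status and prompt for re-authentication instead of reporting an opaque network failure.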
Ready to Build (DoR):
[ ] Stakeholders have approved
[ ] User story completed
[ ] What are the dependencies
[ ] Acceptance criteria have been defined (happy path, known sad paths)
[ ] Validation rules defined (UI, Data, Role-Action)
[ ] Is a formal UAT required
Acceptance / DoD:
[ ] Design / Solution accepted by Product Owner
[ ] Test coverage acceptable
[ ] Peer Reviewed
[ ] Accessibility reviewed and acceptable checklist
Keycloak Token Verification