Describe the task
Make a user who logged in on the front end with Keycloak also be "logged in" on the back end.
In order for the API to enforce appropriate permissions, it has to accept, validate and understand the token passed to it from the front-end.
Acceptance Criteria
[ ] Unauthorized (401 response) for requests coming from users who are not logged in.
[ ] Ok (200 response) for logged-in users with appropriate rights.
[ ] Access forbidden (403 response) for requests coming from logged-in users without appropriate rights.
Additional context
Every call to the API must contain a token passed to it from the front end. On every call, the token is validated and a check is performed to see whether the specified action may be performed.
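The per-call decision described above, mapped to the three acceptance criteria, as an added example (not code from this project). Assumptions: an HS256 shared secret stands in for verifying Keycloak's signature (typically RS256 against the realm's public key) so the example runs on the standard library alone; `SECRET`, `ISSUER`, `make_token`, `authorize` and the role names are hypothetical; roles are read from the `realm_access.roles` claim of the access token.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"                # constructed; assumption
ISSUER = "https://keycloak.example/realms/demo"    # constructed; assumption

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token standing in for one issued by Keycloak."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body, secret))}"

def authorize(auth_header, required_role, now=None):
    """Return the status the API should answer with: 401, 403 or 200."""
    now = time.time() if now is None else now
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401  # no token: the caller is not logged in
    try:
        head, body, sig = auth_header[len("Bearer "):].split(".")
        # Pin the algorithm; never let the token's own "alg" (e.g. "none") decide.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return 401
        if not hmac.compare_digest(_sign(head + "." + body, SECRET), _b64d(sig)):
            return 401  # forged or tampered token
        claims = json.loads(_b64d(body))
        if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
            return 401  # wrong issuer or expired
        roles = claims.get("realm_access", {}).get("roles", [])
        # Authenticated: the only remaining question is authorization.
        return 200 if required_role in roles else 403
    except (ValueError, TypeError, AttributeError):
        return 401  # malformed token
```

Every failure to authenticate (missing, malformed, forged, expired, wrong issuer) yields 401; 403 is reserved for a valid token that lacks the required role.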