evanharmon1
commented
5 years ago I'll check this out now. Is there anything in particular you would like me to look at or test?
Closed galbwe closed 4 years ago
evanharmon1
commented
5 years ago I'll check this out now. Is there anything in particular you would like me to look at or test?
galbwe
commented
5 years ago @evanharmon1 Thanks. I think I only tested that authorization was added to the /ping route, and assumed it would be added to the rest of them. If you could check that it is working as intended, i.e. throws an error when someone tries to access an endpoint without authorization, for a few other routes, that would be great.
I'm also not sure how this affects the web forms yet, since at the moment they are running in the same container as the api endpoints. I'm in the process of separating them into a separate service, but in the mean time it might be good to know whether we can run them.
chris-french
commented
4 years ago Since it looks like we won't be allowing users to login for an MVP, I'm closing this PR. This code is good, but I don't think it's right for the current use case.
I think using something more simple, like flask-jwt, with only one or two tokens will work for our current use case.
JSON web token authentication on api endpoints for production configuration.