As the admin service, I want to validate the expiration and signature of Tazama format tokens so that only valid tokens are accepted.
Acceptance Criteria:
[ ] The system must require a bearer token in the Authorization header.
[ ] The admin service must integrate with the Authentication Library to validate the external token.
[ ] The admin service must return a 401: Unauthorized exception for any token validation failures.
[ ] The admin service must have a configurable AUTHENTICATED variable which, if switched to false, does not require an Auth header and skips all validations and authorization.
[ ] Declare privilege per route
[ ] Define claims per route - call claims -
[ ] Include in full-stack-docker
The /v1/admin/event-flow-control/account needs to declare the "GET_V1_EVENT_FLOW_CONTROL_ACCOUNT" privilege.
The /v1/admin/event-flow-control/entity needs to declare the "GET_V1_EVENT_FLOW_CONTROL_ENTITY" privilege.
The /v1/admin/event-flow-control/account needs to declare the "PUT_V1_EVENT_FLOW_CONTROL_ACCOUNT" privilege.
The /v1/admin/event-flow-control/entity needs to declare the "PUT_V1_EVENT_FLOW_CONTROL_ENTITY" privilege.
The /v1/admin/event-flow-control/account needs to declare the "POST_V1_EVENT_FLOW_CONTROL_ACCOUNT" privilege.
The /v1/admin/event-flow-control/entity needs to declare the "POST_V1_EVENT_FLOW_CONTROL_ENTITY" privilege.
The /v1/admin/event-flow-control/cache needs to declare the "PUT_V1_EVENT_FLOW_CONTROL_CACHE" privilege.
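
As an added illustration of the criteria above (not Tazama project code), this JavaScript route guard requires a bearer token, checks signature and expiry, and enforces the per-route privilege. It assumes an HS256-signed JWT with a `claims` array as a stand-in for the Authentication Library, infers each route's HTTP method from its privilege prefix, and uses the hypothetical names `signToken`, `verifyToken` and `authorize`.

```javascript
const crypto = require('node:crypto');

// Privileges from the acceptance criteria; the HTTP method is inferred from each privilege's prefix (assumption).
const base = '/v1/admin/event-flow-control';
const PRIVILEGES = {
  [`GET ${base}/account`]: 'GET_V1_EVENT_FLOW_CONTROL_ACCOUNT',
  [`GET ${base}/entity`]: 'GET_V1_EVENT_FLOW_CONTROL_ENTITY',
  [`PUT ${base}/account`]: 'PUT_V1_EVENT_FLOW_CONTROL_ACCOUNT',
  [`PUT ${base}/entity`]: 'PUT_V1_EVENT_FLOW_CONTROL_ENTITY',
  [`POST ${base}/account`]: 'POST_V1_EVENT_FLOW_CONTROL_ACCOUNT',
  [`POST ${base}/entity`]: 'POST_V1_EVENT_FLOW_CONTROL_ENTITY',
  [`PUT ${base}/cache`]: 'PUT_V1_EVENT_FLOW_CONTROL_CACHE',
};

const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
// Mints constructed sample tokens for the demo (hypothetical helper).
function signToken(payload, secret) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Stand-in for the Authentication Library (assumed token format): payload, or null on any failure.
function verifyToken(token, secret, nowSec) {
  const [head, body, sig, extra] = token.split('.');
  if (!head || !body || !sig || extra !== undefined) return null;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm, never trust the header's choice
    return Number.isFinite(payload.exp) && payload.exp > nowSec ? payload : null;
  } catch {
    return null; // malformed JSON or a non-object payload
  }
}

// Returns the HTTP status the route guard would produce for a request.
function authorize({ method, path, headers }, { authenticated, secret, nowSec }) {
  if (!authenticated) return 200; // AUTHENTICATED=false: no header required, all checks skipped
  const required = PRIVILEGES[`${method} ${path}`];
  const match = /^Bearer (\S+)$/.exec(headers.authorization || '');
  const payload = match ? verifyToken(match[1], secret, nowSec) : null;
  // Undeclared route, invalid token, or missing privilege all yield 401 (assumption for the last case).
  if (!required || !payload || !Array.isArray(payload.claims)) return 401;
  return payload.claims.includes(required) ? 200 : 401;
}
```

Routes without a declared privilege are denied while `authenticated` is true, so a newly added endpoint cannot be reached until its privilege is listed.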
https://github.com/tazama-lf/tms-service/issues/184