Open johanfol opened 1 week ago
@johanfol - Can we please add a separate and authentication-specific environment variable to turn the authentication service on and off? If we are piggy-backing off the existing NodeENV
variable, we won't be able to test this effectively in pre-production environments. The combination of the two concepts into a single variable also defeats our "separation of concerns" design principle.
As the TMS API, I want to validate the expiration and signature of Tazama format tokens so that only valid tokens are accepted.
Acceptance Criteria:
AUTHENTICATED
variable, which if switched tofalse
, not require an Auth header, and skip all validations and authorization.