Take a look and reference the Auth RFC from GA4GH from our docs

[briandoconnor]

Take a look at:

https://docs.google.com/document/d/1zzsuNtbNY7agPRjfTe6gbWJ3BU6eX19JjWRKvkFg1ow/edit#heading=h.pnom2c7wov36

And reference as needed in our spec/docs.

[jaeddy]

Is this assigned to anyone?

[rishidev]

The doc is currently in draft still, I guess we should wait for publication before including.

[briandoconnor]

see #229, this is related to that

[jaeddy]

Fixing link to DRS repo issue: ga4gh/data-repository-service-schemas#229

[briandoconnor]

@jaeddy can you take this ticket? @rishidev has the draft been finalized for the RFC?

[jaeddy]

@briandoconnor I took a look at the RFC and, in particular, the requirements for applications/clients (which I think would apply to all of the Cloud APIs). In short, we should plan to eventually require that implementations support "OAuth 2.0 Authorization Code Grant" and "OIDC Authorization Code Flow" - plus some other bits about TLS and cache control.

It's still pretty abstract (to me) how we or a WES server would specify this with Swagger/OpenAPI, so I'd like to see an example. As far as I can tell, the doc is still in draft/RFC status - so I don't think there are any immediate action items for us.