Open galenatjpl opened 2 years ago
Moving this to "Done". All sub tasks are completed.
Additional details related to this can be found in slide deck: "Unity Security Model - Authentication and Authorization – Part 2" https://docs.google.com/presentation/d/1wNppS59cjFRivjkim6OdFNoTO-n0E2hGG66lvBw_EC8/edit?usp=sharing
CRITICAL WPS-T endpoint (multiple REST APIs that exist) is accessible to logged in members of the Unity System. Unity SSO, in other words. Only authentication is needed here, to prove WPS-T access, not authorization in R0.2. Acceptance Criteria: At least one working example of locking down a REST API.
CRITICAL Sounder SIPS + U-SPS Team (Luca, Dustin, Namrata, Drew) + UI Team (Anil Natha, Rob Tapella) + U-CS Team members have been on-boarded into the appropriate Authentication Realm.
Acceptance Criteria: At least two Sounder SIPS members in the user pool, and able to use authentication via Cognito A&A.
CRITICAL Jupyter Notebook Users can access WPS-T endpoint by API (e.g. command Line or machine to machine (app2app), non-interactive authentication)
Users who are not authenticated are redirected to login mechanism (or a HTTP 403).
Users can access WPS-T endpoint by Browser (Human based, interactive Auth)
Command-line app/tool to get credentials
NOTE: machine to machine is the most probably/important use case here.
NOTE: for R0.2 we only need authentication support (authorization would be extra credit here)
NOTE: M20’s design for token management is in these docs https://github.jpl.nasa.gov/pages/M2020-CS3/CSSO_DOCS/csso/docs/quick_start_guide.html
NOTE: integration point repo is https://github.com/unity-sds/ades_wpst
NOTE: command-line tool to get credentials, as well as libraries to interact.