Implement OAuth 2.0

[nandanrao]

For connecting accounts and getting data from a survey.

Ory vs. Auth0??

[nandanrao]

Should we start with OAuth or just start with some process to generate a long-lived token? How does Auth0 help with that?

[juanpc10]

For fly [ ] Modify the Call function of fly to validate that there is a token [ ] Create function to generate token: this function uses auth credentials to generate addresses for 14400 seconds (4 hours) [ ] Check if can be parameterized [ ] Modify the Call function of fly to validate that the token has not expired in case it is not expired we send the token to make the query in the API /all?survey=${surveyName}&after=${after}&pageSize=25 ; in case it is already expired generate a new token [ ] Test Modify call function [ ] Test get token [ ] Test modify Fly call function

For vlab-research/fly [ ] Modify the middleware to validate the expiration of the token [ ] Add function validate token; this function verifies that the token is not expired and has a valid signature [ ] In case the token is expired, reply 419 [ ] Test modify the middleware [ ] Test add validation function [ ] Test in case the token has expired, reply 419

[nandanrao]

Some thoughts:

1. I wouldn't check from the client if the token is expired, just try the call, get the "expired" response, and then handle that response (EAFTP)
2. Does the previous middleware in vlab-research/fly not do all of that already?