Create a new auth implementation that validates a JWT token and attaches a user to the global context #2809

chouinar · 2024-11-12T18:46:27Z

TODO - some of the technical details.

We want a new auth approach that we can use as an alternative to our current:
@opportunity_blueprint.auth_required(api_key_auth)

Instead we should have a jwt auth that we can attach to our routes. This will do a few things:

Fetch a token from a header param
Validate that the token is one we generated in our API (see Setup logic to generate a JWT in our API #2808 )
Fetch a user from the DB with the given user ID
- Attach this user object to the global context to be fetched elsewhere

Open questions:

How does this work with the DB session management, we should be able to get a DB session in other methods, but will the user itself be funky because of a detached session issue?

The text was updated successfully, but these errors were encountered:

github-project-automation bot added this to Simpler.Grants.gov Product Backlog Nov 12, 2024

github-project-automation bot moved this to Icebox in Simpler.Grants.gov Product Backlog Nov 12, 2024

This was referenced Nov 12, 2024

Create a GET /users/:userID endpoint #2676

Closed

Scope out Oauth worked needed on backend #2726

Closed

chouinar self-assigned this Nov 19, 2024

chouinar moved this from Icebox to Todo in Simpler.Grants.gov Product Backlog Nov 19, 2024

chouinar added a commit that referenced this issue Nov 20, 2024

[Issue #2809] Handle parsing the jwt we created, and connect to a user

92664ed

chouinar mentioned this issue Nov 20, 2024

[Issue #2809] Handle parsing the jwt we created, and connect to a user #2959

Merged

chouinar closed this as completed in #2959 Nov 21, 2024

chouinar closed this as completed in 487d217 Nov 21, 2024

github-project-automation bot moved this from In Review to Done in Simpler.Grants.gov Product Backlog Nov 21, 2024

Provide feedback