1316: Adds document describing both frontend and backend auth setup #742
Changes from all commits
cf38828
I don't want to make it complex, but people should know that with front-end-enabled authentication we can still have the backend without auth enabled, not the other way around.
So the moment you enable authNZ in the backend, you have to enable authNZ in the front end as well.
After inspecting some decoded tokens: I have a mental concept of scopes and OIDC. I know that it is a difficult topic. Suggestion: add an example decoded token so readers have an idea of the stuff that can be seen inside the token.
Mwa... doesn't that go a bit far in this place?
With the variables provided, requests to endpoints will return a 403 error for users who are not logged in, and a 401 error for users who are not authorized for the request or part of the request (GraphQL, for example).
A method that applies authorization decisions (e.g. OPA decisions) to HTTP requests, where the decision is either true or false (Allow/Forbidden). Uses OAUTH2 settings and request information to authorize actions.
You know, I have a doubt here, because I believe not all people use OPA for authorization.
Here we can say, for example, that for interacting with LSO and the callback step you can bypass the request, since authentication happens in the callback-step API itself and there is no need for it here.