API Authentication Layer #46

@dbericat

APIs should authenticate & authorise users before granting access to any API endpoints.
We should have at least two roles - admin and user.

Users should be able to use read-only APIs (e.g. Tasks API, Payloads API, Workflow Instances API, etc). Admins should also be allowed to use write/update APIs such as the Workflows API.

  • It should be possible to configure an OAuth2 provider URL in the configuration file
  • It should be possible to configure the token claim that gives access to Admin APIs, and what claim gives access to the read APIs (mapping external roles/properties to our "admin"/"user" roles).

Note: check with Joe about what to do around test bypass.
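
A sketch of the claim-to-role mapping and deny-by-default endpoint check requested above, added here as an illustration and not taken from the issue or the project's code. The config keys, claim name, group values and URL paths are all assumptions, and the claims are assumed to come from a token whose signature, issuer, audience and expiry were already validated against the configured provider.

```python
READ_METHODS = {"GET", "HEAD"}

# Constructed configuration; every key, claim name and path is an assumption.
CONFIG = {
    "oauth2_provider_url": "https://idp.example.invalid",  # placeholder
    # Which external claim, and which of its values, grants each internal role.
    "role_claims": {
        "admin": {"claim": "groups", "values": {"wf-admins"}},
        "user": {"claim": "groups", "values": {"wf-users"}},
    },
    # Role required per API prefix; a missing entry means the action is denied.
    "api_rules": {
        "/tasks": {"read": "user"},
        "/payloads": {"read": "user"},
        "/workflowinstances": {"read": "user"},
        "/workflows": {"read": "admin", "write": "admin"},
    },
}

def claim_values(claims, name):
    """Normalise a claim to a set; providers emit a list or a space-delimited string."""
    raw = claims.get(name)
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, (list, tuple)):
        return {v for v in raw if isinstance(v, str)}
    return set()  # absent or unexpected shape grants nothing

def roles_from_claims(claims, cfg=CONFIG):
    """Map external claim values to the internal "admin"/"user" roles."""
    roles = {role for role, rule in cfg["role_claims"].items()
             if claim_values(claims, rule["claim"]) & rule["values"]}
    if "admin" in roles:
        roles.add("user")  # admins also get the read-only APIs
    return roles

def is_allowed(claims, method, path, cfg=CONFIG):
    """Deny by default: unknown paths and unlisted actions are refused."""
    roles = roles_from_claims(claims, cfg)
    kind = "read" if method.upper() in READ_METHODS else "write"
    for prefix, rule in cfg["api_rules"].items():
        # Match whole path segments so /workflowinstances never hits /workflows.
        if path == prefix or path.startswith(prefix + "/"):
            return rule.get(kind) in roles
    return False
```

Matching on whole path segments matters here because the Workflow Instances path shares a string prefix with the admin-only Workflows path.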

Labels

enhancement: New feature or request

Status

Done
