Uploaded image for project: 'GPII - Global Public Inclusive Infrastructure'
  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-2434 Authenticate GPII apps before they can request user settings from GPII Cloud
  3. GPII-2538

Enhance /:userToken/untrusted-settings/:device endpoint to verify access tokens granted for resource owner GPII token grant

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security and Privacy
    • Labels:
      None

      Description

      The cloud based flow manager endpoint /:userToken/untrusted-settings/:device is used by GPII app installations to request user settings from GPII Cloud. With the work of GPII-2434, GPII app installations will be authenticated/authorized via OAuth2 resource owner GPII token grant. In correlation with this change,

      1. /:userToken/untrusted-settings/:device endpoint needs to be enhanced to verify access tokens granted for GPII app installations before responding with life cycle instructions.
      2. The local flow manager needs to be modified to follow these steps to request user settings.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cli@ocad.ca Cindy Qi Li
                Reporter:
                cli@ocad.ca Cindy Qi Li
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: