Uploaded image for project: 'GPII - Global Public Inclusive Infrastructure'
  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-3720

Design and implement new Access Token generator to support keyless login


    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      The access token generator, as accessed by the GPII-2436 access requestor, will need a new pathway to support the new OAuth grant type and the new security restrictions.

      Based on looking up the client_secret in the Client Credentials table, and finding the associated GPII App Installation Clients entry, the access token generator will find an annotation determining what is the appopriate OAuth grant type for the request. It will also made a check of the originating IP against the CIDR entries in the table - if it does not match, the request will be rejected and no access token will be provided.

      A further difference with the standard access token generator is that, on finding the special OAuth grant type for keyless login, the access token generator will not make a check for the existence of the GPII key provided in the request. Instead, both the key and the vault will be provisioned lazily when the client makes some attempt to write some saved preferences.


          Issue Links



              • Assignee:
                cli@ocad.ca Cindy Qi Li
                amb26 Antranig Basman
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: