Uploaded image for project: 'GPII - Global Public Inclusive Infrastructure'
  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-3720

Design and implement new Access Token generator to support keyless login

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      The access token generator, as accessed by the GPII-2436 access requestor, will need a new pathway to support the new OAuth grant type and the new security restrictions.

      Based on looking up the client_secret in the Client Credentials table, and finding the associated GPII App Installation Clients entry, the access token generator will find an annotation determining what is the appopriate OAuth grant type for the request. It will also made a check of the originating IP against the CIDR entries in the table - if it does not match, the request will be rejected and no access token will be provided.

      A further difference with the standard access token generator is that, on finding the special OAuth grant type for keyless login, the access token generator will not make a check for the existence of the GPII key provided in the request. Instead, both the key and the vault will be provisioned lazily when the client makes some attempt to write some saved preferences.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cli@ocad.ca Cindy Qi Li
                Reporter:
                amb26 Antranig Basman
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: