Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

SPIKE: improve design of authn/z

Description

TBD:
– summarise current design and refer to existing docs
– propose API changes
– propose additional utilities (like caching)

Goal

This goal is to improve the following aspects of the existing authn/z:

improve performance and cacheability – structure the API to limit the number of token signing requests
standardize and simplify mod-authtoken API – use regular RAML/JSON API defintion
lift header-size limites – move away from the header-oriented API, limit the number of custom headers

https://docs.google.com/document/d/14DVZC3MJRQfgNchMXzxtz4-2s0W9pmnXCLq5KbjeKaw/edit?usp=sharing

Environment

None

Potential Workaround

None

Linked issues

is blocked by

Remove permissions from X-Okapi-Token (JWT) - convert module permissions to a permset

relates to

change login API to return tokens in the body and not in private headers

SPIKE: investigate refresh tokens support in FOLIO

Implement Token Cache

Checklist

hide

TestRail: Results

Activity

Show:

Details

Assignee

Jakub Skoczen

Reporter

Jakub Skoczen

Labels

platform-backlog

Priority

P2

Story Points

5

Sprint

CP: Roadmap backlog

Development Team

Core: Platform

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created March 23, 2020 at 7:42 AM

Updated May 31, 2021 at 12:50 PM

TestRail: Cases

TestRail: Runs