
add auth to flask admin app

Open rshewitt opened this issue 10 months ago • 3 comments

User Story

In order to secure the datagov harvesting admin app, datagov wants to authenticate the user to provide access.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

  • [ ] GIVEN the harvest admin app
    WHEN a user requests the app
    THEN they must supply credentials to get access to the app

Background

[Any helpful contextual notes or links to artifacts/evidence, if needed]

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

rshewitt avatar Mar 27 '24 17:03 rshewitt

Flask basic auth? As an interim step, knowing eventual production requires login.gov

hkdctol avatar Mar 28 '24 20:03 hkdctol

  • Tested Flask basic auth with Flask-Login for a single username/password setup.
  • Created an application on the login.gov sandbox dashboard using localhost as the redirect URI, leading to a "redirect_uri not match" error.
  • Explored other public protocols like Auth0 and Keycloak, successfully found the root cause and resolved the redirect_uri error.
  • Encountered an acr_values error message from login.gov and currently investigating this issue.

Jin-Sun-tts avatar May 08 '24 15:05 Jin-Sun-tts

https://developers.login.gov/oidc/getting-started/

Switched from using the client_secret parameter to private_key_jwt. Now have the capability to log in using an ID card, and currently working on decoding the id_token.

Jin-Sun-tts avatar May 09 '24 16:05 Jin-Sun-tts

By testing with a simple Flask app, the login.gov authentication works successfully.

Now working on integrating this into the current Flask admin app and ensuring the user is registered and added to HarvestDB as well.

Jin-Sun-tts avatar May 28 '24 16:05 Jin-Sun-tts

@Jin-Sun-tts this depends on flask login integration. let's discuss this week

rshewitt avatar May 28 '24 17:05 rshewitt

Integrated with the Flask admin app and tested on development. The changes were merged into the main branch.

Jin-Sun-tts avatar Jun 10 '24 12:06 Jin-Sun-tts