User authorization - through OAuth?

[chaoran-chen]

At the moment, the only authorization check is through the access keys which are directly managed by LAPIS. Currently, we only have very few keys that were manually added to the database. We don't have anything for user management. That is alright: I think that we don't really want to create an entire user management (create/delete user accounts, change passwords, etc.) and authentication (logins, possible two-factor authentication, etc.) infrastructure within LAPIS.

However, we would like to be able to support a setup where a larger and frequently changing set of users have to authenticate to access the data.

As a solution, we could use an existing protocol such as OAuth 2.0. In that framework, LAPIS would be a resource server (see OAuth page and Spring documentation).