/funding-service-design-authenticator

Authentication microservice used for the funding service

Primary language: Python. License: MIT.

Funding Service Design - Authenticator

This is the authenticator repository for funding service design microservices. This service provides an API and associated model implementation required for authentication of frontend, assessment and other FSD services.

Developer setup guide

This service depends on:

Overview

If you want an overview of how this service functions, including architecture and features, there's a fuller description in the /docs/README.

Translations

This repo uses pybabel for translation. Useful commands are contained in tasks.py; more detail is available here.

Testing

Testing in Python repos

IDE Setup

Python IDE Setup

Builds and Deploys

Details on how our pipelines work and on the release process are available here.

Paketo

Paketo is used to build the Docker image which gets deployed to our test and production environments. Details are available here.

For Authenticator, envs needs to include values for each of:

  • AUTHENTICATOR_HOST
  • ACCOUNT_STORE_API_HOST
  • APPLICATION_STORE_API_HOST
  • NOTIFICATION_SERVICE_HOST
  • APPLICANT_FRONTEND_HOST
  • ASSESSMENT_FRONTEND_HOST
  • FUND_STORE_API_HOST
  • RSA256_PUBLIC_KEY_BASE64
  • RSA256_PRIVATE_KEY_BASE64
  • AZURE_AD_CLIENT_ID
  • AZURE_AD_CLIENT_SECRET
  • AZURE_AD_TENANT_ID
  • SECRET_KEY
  • COOKIE_DOMAIN
  • SENTRY_DSN
  • GITHUB_SHA
  • ALLOW_ASSESSMENT_LOGIN_VIA_MAGIC_LINK
  • POST_AWARD_FRONTEND_HOST

Copilot

Copilot is used for infrastructure deployment. Instructions are available here, with the following values for the authenticator:

  • service-name: fsd-authenticator
  • image-name: funding-service-design-authenticator

Pull Requests

Authenticator has a different set of requirements for PR reviewers, as it is relied upon by multiple services (pre-award and post-award). It requires a minimum of 2 reviewers to approve a PR before merge, and will auto-request a review from the following 2 teams when a PR is raised:

  • fsd-post-award-deployers
  • fsd-pre-award-deployers

These teams are configured in the CODEOWNERS file. GitHub cannot enforce the 2 reviews coming from 2 different teams, so please make sure you have 2 appropriate reviews before merging.