This is the authenticator repository for the Funding Service Design (FSD) microservices. This service provides an API and the associated model implementation required for authentication of frontend, assessment and other FSD services.
This service depends on:
- A redis instance for storing magic links
- fund-store
- account-store
- notification
For an overview of how this service functions, including its architecture and features, there's a fuller description in the /docs/README here.
This repo uses pybabel for translation. Useful commands are contained in tasks.py; more detail is available here.
Details on how our pipelines work and on the release process are available here.
Paketo is used to build the docker image which gets deployed to our test and production environments. Details are available here.
For Authenticator, envs needs to include values for each of:
- AUTHENTICATOR_HOST
- ACCOUNT_STORE_API_HOST
- APPLICATION_STORE_API_HOST
- NOTIFICATION_SERVICE_HOST
- APPLICANT_FRONTEND_HOST
- ASSESSMENT_FRONTEND_HOST
- FUND_STORE_API_HOST
- RSA256_PUBLIC_KEY_BASE64
- RSA256_PRIVATE_KEY_BASE64
- AZURE_AD_CLIENT_ID
- AZURE_AD_CLIENT_SECRET
- AZURE_AD_TENANT_ID
- SECRET_KEY
- COOKIE_DOMAIN
- SENTRY_DSN
- GITHUB_SHA
- ALLOW_ASSESSMENT_LOGIN_VIA_MAGIC_LINK
- POST_AWARD_FRONTEND_HOST
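A pre-deployment check over the variable names listed above, added here as an example and not part of this repository's code. It assumes envs is available as a name-to-string mapping and that the two `*_BASE64` values are plain base64 text; `check_envs` and `sample_envs` are hypothetical names. Problems are reported by variable name only, so secrets never reach logs.

```python
import base64
import binascii
import os

# Variable names copied from the list above.
REQUIRED = (
    "AUTHENTICATOR_HOST", "ACCOUNT_STORE_API_HOST", "APPLICATION_STORE_API_HOST",
    "NOTIFICATION_SERVICE_HOST", "APPLICANT_FRONTEND_HOST", "ASSESSMENT_FRONTEND_HOST",
    "FUND_STORE_API_HOST", "RSA256_PUBLIC_KEY_BASE64", "RSA256_PRIVATE_KEY_BASE64",
    "AZURE_AD_CLIENT_ID", "AZURE_AD_CLIENT_SECRET", "AZURE_AD_TENANT_ID",
    "SECRET_KEY", "COOKIE_DOMAIN", "SENTRY_DSN", "GITHUB_SHA",
    "ALLOW_ASSESSMENT_LOGIN_VIA_MAGIC_LINK", "POST_AWARD_FRONTEND_HOST",
)
BASE64_VARS = ("RSA256_PUBLIC_KEY_BASE64", "RSA256_PRIVATE_KEY_BASE64")


def check_envs(envs):
    """Return a list of problems. Messages name the variable, never its value."""
    problems = []
    for name in REQUIRED:
        value = envs.get(name)
        if value is None:
            problems.append(f"{name}: missing")
        elif not value.strip():
            problems.append(f"{name}: empty")
        elif name in BASE64_VARS:
            try:
                # Tolerate line-wrapped input, reject anything outside the alphabet.
                base64.b64decode("".join(value.split()), validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"{name}: not valid base64")
    pub, priv = (envs.get(n) for n in BASE64_VARS)
    if pub and priv and pub == priv:
        problems.append("RSA256 key pair: public and private values are identical")
    return problems


def sample_envs():
    """Constructed sample values; none of these are real hosts or keys."""
    envs = {name: "constructed-value" for name in REQUIRED}
    envs["RSA256_PUBLIC_KEY_BASE64"] = base64.b64encode(b"constructed public").decode()
    envs["RSA256_PRIVATE_KEY_BASE64"] = base64.b64encode(b"constructed private").decode()
    return envs


if __name__ == "__main__":
    for problem in check_envs(os.environ):
        print(problem)
```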
Copilot is used for infrastructure deployment. Instructions are available here, with the following values for the authenticator:
- service-name: fsd-authenticator
- image-name: funding-service-design-authenticator
Authenticator has a different set of requirements for PR reviewers, as it is relied upon by multiple services (pre-award and post-award). It requires a minimum of 2 reviewers to approve a PR before merge, and will auto-request a review from the following 2 teams when a PR is raised:
- fsd-post-award-deployers
- fsd-pre-award-deployers

These teams are configured in the CODEOWNERS file. GitHub cannot enforce the 2 reviews coming from 2 different teams, so please make sure you have 2 appropriate reviews before merging.