Auth Library to Validate Claims (Authorization)
As the TMS API, I want to validate the claims from a token to ensure that the token has the required claims correlating to the privilege it is requesting.
Acceptance Criteria:
- The Auth Library needs to extract the claims from the token.
- The TMS API needs to declare privileges for its different endpoints:
  - The /v1/evaluate/iso20022/pain.001.001.11 needs to declare the "POST_V1_EVALUATE_ISO20022_PAIN_001_001_11" privilege.
  - The developer needs to create the Postman script to create the "POST_V1_EVALUATE_ISO20022_PAIN_001_001_11" Role in Keycloak.
  - The /v1/evaluate/iso20022/pain.013.001.09 needs to declare the "POST_V1_EVALUATE_ISO20022_PAIN_013_001_09" privilege.
  - The developer needs to create the Postman script to create the "POST_V1_EVALUATE_ISO20022_PAIN_013_001_09" Role in Keycloak.
  - The /v1/evaluate/iso20022/pacs.008.001.10 needs to declare the "POST_V1_EVALUATE_ISO20022_PACS_008_001_10" privilege.
  - The developer needs to create the Postman script to create the "POST_V1_EVALUATE_ISO20022_PACS_008_001_10" Role in Keycloak.
  - The /v1/evaluate/iso20022/pacs.002.001.12 needs to declare the "POST_V1_EVALUATE_ISO20022_PACS_002_001_12" privilege.
  - The developer needs to create the Postman script to create the "POST_V1_EVALUATE_ISO20022_PACS_002_001_12" Role in Keycloak.
- The Tazama Operator needs to be able to associate the pre-defined privileges to select users, in order to have the Keycloak token have the correlating role.
- The TMS API needs to ensure the requested resource is covered by the claims by ensuring the privilege exists in the Tazama token's claims.