-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check user access to service on sign in #333
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
steventux
commented
Aug 31, 2023
steventux
force-pushed
the
166-dfe-signin-role-spike
branch
3 times, most recently
from
September 4, 2023 10:35
1a7ec5c
to
4ad691f
Compare
Review app deployed to https://s165d01-aytq-review-pr-333-app.azurewebsites.net |
steventux
force-pushed
the
166-dfe-signin-role-spike
branch
from
September 5, 2023 09:52
4ad691f
to
53432b4
Compare
steventux
force-pushed
the
166-dfe-signin-role-spike
branch
from
September 5, 2023 10:16
53432b4
to
c44a262
Compare
steventux
force-pushed
the
166-dfe-signin-role-spike
branch
from
September 5, 2023 12:06
c44a262
to
2b4dc65
Compare
steventux
changed the title
Check user access to service on sign in callback
Check user access to service on sign in
Sep 7, 2023
steventux
force-pushed
the
166-dfe-signin-role-spike
branch
from
September 7, 2023 15:11
2b4dc65
to
6a31cbb
Compare
steventux
requested review from
malcolmbaig,
felixclack,
gpeng and
AbigailMcP
September 11, 2023 10:49
This provides a way to record which role and organisation a user has authenticated with.
This DSI API endpoint will respond with roles belonging to the user.
We only do this if supplied an optional role. Bypass mechanisisms will still function without a role.
We don't do this if bypassing DSI. The first role to match the list of authorised roles will be recorded in the DsiUserSession along with org info. The absence of a valid role takes the user to the 'Not authorised' page.
steventux
force-pushed
the
166-dfe-signin-role-spike
branch
from
September 11, 2023 14:02
10556a6
to
aa4b2b7
Compare
gpeng
approved these changes
Sep 12, 2023
malcolmbaig
approved these changes
Sep 12, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
We would like to check user roles as an authorisation step on the
check-records
part of the service.The DfE Signin API exposes an endpoint which replies with user roles for a given user, service and organisation.
Changes
ENV["DFE_SIGN_IN_API_ROLE_CODES"]
DsiUserSession
record on each successful login (except when bypass is active). This record contains the role and org info the user authenticated with.Guidance to review
Local overrides are necessary to make this PR work. Specifically the env vars
I have edited the review app keyvault with working values.
Link to Trello card
https://trello.com/c/mTFXWXo7/166-dfe-signin-role-spike
https://trello.com/c/7vJeIbez/185-store-more-things-about-the-user
Checklist