Require valid bearer auth token for all edge-inn-reach API endpoints except the Oauth2 token endpoint.
- Requirement: All requests to edge endpoints require a valid Bearer auth token for authentication/authorization
- Requirement: Does not apply to auth token endpoint (EDGEINREACH-2)
- Requirement: Requests without a valid bearer auth token should receive a 401 Unauthorized error response, per INN-Reach D2IR documentation.
- Requirement: Must support multiple valid tokens for the same key/secret in use simultaneously
- AC: All requests to edge endpoints require a valid bearer auth token header
- AC: All requests to edge endpoints without a valid bearer auth token header raise a 401 Unauthorized response in-line with INN-Reach D2IR specification (INN-Reach D2IR API Reference v2.3.pdf, pg. 9-10)
- AC: Multiple bearer tokens issued to the same key/secret pair can be in-use at the same time. i.e. issuing a bearer token does not invalidate any existing token. Tokens become invalid only by expiration.