Uploaded image for project: 'edge-inn-reach'
  1. edge-inn-reach
  2. EDGINREACH-6

Require Valid Bearer Auth Token for All Non-Oauth2 Token Request edge-inn-reach API Endpoint Requests

    XMLWordPrintable

Details

    • Volaris Sprint 115, Volaris Sprint 116, Volaris Sprint 117
    • 5
    • Volaris

    Description

      Purpose/Overview:
      Require valid bearer auth token for all edge-inn-reach API endpoints except the Oauth2 token endpoint.

      Requirements/Scope:

      1. Requirement: All requests to edge endpoints require a valid Bearer auth token for authentication/authorization
      2. Requirement: Does not apply to auth token endpoint (EDGEINREACH-2)
      3. Requirement: Requests without a valid bearer auth token should receive a 401 Unauthorized error response, per INN-Reach D2IR documentation.
      4. Requirement: Must support multiple valid tokens for the same key/secret in use simultaneously

      Approach:

      Acceptance criteria:

      • AC: All requests to edge endpoints require a valid bearer auth token header
      • AC: All requests to edge endpoints without a valid bearer auth token header raise a 401 Unauthorized response in-line with INN-Reach D2IR specification (INN-Reach D2IR API Reference v2.3.pdf, pg. 9-10)
      • AC: Multiple bearer tokens issued to the same key/secret pair can be in-use at the same time. i.e. issuing a bearer token does not invalidate any existing token. Tokens become invalid only by expiration.

      TestRail: Results

        Attachments

          Issue Links

            Activity

              People

                andrii.khodyka Andrii Khodyka
                brookstravis Brooks Travis
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases