=== Goal
MPIC needs to authenticate users. To do that we have a login screen where the user has to enter credentials (username/password), and these will be authenticated using CAS-SSO.
We have to keep in mind that all routes require authentication and authorization except where noted otherwise (so far the only exception is the `/api/v1/instrument` API endpoint we currently have).
From the `Instrument Configurator - Design Document`:
We propose authenticating and authorizing users using OpenID Connect, implemented in [[https://www.npmjs.com/package/openid-client|openid-client]], with [[https://wikitech.wikimedia.org/wiki/CAS-SSO|CAS-SSO]] as the OpenID Connect Issuer. Because the app will not make API requests to any third parties, we propose implementing the [[https://www.npmjs.com/package/openid-client#authorization-code-flow|Authorization Code Flow]] and storing the user identity, session ID, and an HMAC in an httpOnly session cookie (herein “the session cookie”).
=== AC
[] We have implemented an authentication and authorization mechanism using the Authorization Code Flow
[] Users can log in
[] Users can log out
=== Notes
- [[https://www.npmjs.com/package/openid-client|openid-client library for nodejs]]
- [[https://www.npmjs.com/package/openid-client#authorization-code-flow|Authorization Code Flow]]
- [[https://wikitech.wikimedia.org/wiki/CAS-SSO|Wikitech documentation for CAS-SSO]]