Use DfE sign in for staff authentication #408
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
steventux
changed the title
steventux
changed the title
steventux
force-pushed
the
117-use-dfe-signin-for-support-login
branch
2 times, most recently
from
b57df9e to
c87e5a9
Compare
felixclack
approved these changes
Nov 3, 2023
| @@ -29,14 +31,14 @@ def add_auth_attributes_to_session | |||
| end | |||
|
|
|||
| def check_user_access_to_service | |||
There was a problem hiding this comment.
Nitpicking: Did you consider making this def role instead?
It would allow us to remove line 11 completely.
There was a problem hiding this comment.
Thanks @felixclack - No I didn't spot that, like it, will amend.
steventux
force-pushed
the
117-use-dfe-signin-for-support-login
branch
from
c87e5a9 to
9f79a6f
Compare
steventux
force-pushed
the
117-use-dfe-signin-for-support-login
branch
from
7e58178 to
44a7259
Compare
steventux
force-pushed
the
117-use-dfe-signin-for-support-login
branch
2 times, most recently
from
47c08f6 to
70f2150
Compare
4 tasks
gpeng
approved these changes
Nov 10, 2023
steventux
changed the title
steventux
force-pushed
the
117-use-dfe-signin-for-support-login
branch
from
70f2150 to
7093059
Compare
Staff will be authenticated and authorised using DSI.
The bypass? method will be used for SupportInterface and CheckRecords namespaces.
Add boolean staff column to dsi_users.
Configure an Omniauth builder with staff specific routes and callbacks.
Share the DSI authentication methods for check and support via a common concern.
Remove staff links partial, these are all Devise helper links.
steventux
force-pushed
the
117-use-dfe-signin-for-support-login
branch
from
7093059 to
196c7e5
Compare
steventux
changed the title
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
We currently have a devise based login for the support console of AYTQ/Check.
This is complexity we probably don’t need now we have a DfE Sign in integration.
Switch to using DfE Signin.
Changes proposed in this pull request
Guidance to review
Introduces a new role dependency which is configured in the env as
DFE_SIGN_IN_API_STAFF_ROLE_CODES, awaiting confirmation of role code from the sign in team.The env var
DFE_SIGN_IN_STAFF_REDIRECT_URLwill need to match a valid DSI redirect URI in the service configuration.Likewise the post logout redirect URI will need to be configured in DSI to match the appropriate omniauth config.
This PR will need reviewing on the test environment with the appropriate configuration as review apps won't play nicely with DSI.
Link to Trello card
https://trello.com/c/1PcLM39J/117-use-dfe-signin-for-support-login
Checklist