XML

Word

Printable

Sprint:
AppSec Iteration 98, AppSec Iteration 99, AppSec Iteration 100, AppSec Iteration 101

Motivation

We wrap the current logic of scope checking behind an SPI to make it possible to use that by the GraphQL logic.

Acceptance Criteria

p.s. The following ACs should be met before and after the implementation, because we are simply refactoring existing code.

AC-1
- Given there is an application configured to OAuth 2 with well defined scopes for a JAX-RS application
- When a valid access_token has been received on a request by the said JAX-RS application through a proper request
- Then the request is authorized (subject to permission checking)
AC-2
- Given there is an application configured to OAuth 2 with well defined scopes for a JAX-RS application
- When an invalid access_token is used in the OAuth 2.0 header for receiving data from the application
- Then the response must be a 401 Unathorized response

depends on

LRDOCS-11396 Documentation of LPS-166214 Story

is a dependency of

LPS-158259 [GraphQL] Returns 401 Unauthorized error when using OAuth 2.0 as the authorization mechanism

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

1.	[Dev] Implement abstraction	LPS-166215	Closed	Brian Chan
2.	[Plan] Product level planning	LPS-166267	Closed	Zsigmond Rab
3.	[Plan] Story planning	LPS-166268	Closed	Zsigmond Rab
4.	[Doc] Technical Draft of the LPS-166214 Story	LPS-166269	Closed	Gábor Lovas
5.	[Release] Feature flag / Release ignore	LPS-166270	Closed	Stian Sigvartsen
6.	[QA] Exploratory testing of LPS-166214	LPS-166271	Closed	Gábor Lovas
7.	[QA] Automate test cases of LPS-166214	LPS-166272	Closed	Gábor Lovas

Version	Package
7.4.13 DXP U53
Master