
Authentication & Authorization

Rink edited this page Mar 29, 2023 · 1 revision

Before gewisdb!GH-138, authentication worked by restricting access on the webserver using HTTP authentication. With gewisdb!GH-138, authentication was integrated in the application.

To centralize permission management, gewisdb!GH-198 was implemented, which means that access to the production version of the database is governed by Active Directory (together with other secretary permissions such as file shares). Still, all users who successfully authenticate have all permissions.

In gewisdb!GH-234, API authentication was integrated. This allows for tokens with restricted access. With such tokens, other applications can be granted access to (some) data in the database.

Listeners for authentication and authorization have been added in module/User/src/Module.php. Which authorization type applies to a route is defined in the auth_type variable in the routing config, e.g. in module/User/config/module.config.php. Valid options are defined in module/User/src/Listener/AuthenticationListener.php.
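Because the listener decides per route based on auth_type, a route without that variable (or with a misspelled value) is worth catching before deployment. The following audit is an added example, not code from gewisdb: it assumes auth_type sits under a route's options.defaults and is inherited by child routes, and the list of valid values is a hypothetical placeholder for the real one in AuthenticationListener.php.

```php
<?php
declare(strict_types=1);

// Hypothetical values; the real list is defined in AuthenticationListener.php.
const ASSUMED_VALID_AUTH_TYPES = ['user', 'api'];

/**
 * Walk a Laminas-style route tree and report every route whose effective
 * auth_type is missing or not in the allowed list. A child route inherits
 * the parent's value unless it sets its own (assumed placement: options.defaults).
 *
 * @return array<string, string> full route name => problem description
 */
function auditAuthTypes(array $routes, array $valid, ?string $inherited = null, string $prefix = ''): array
{
    $problems = [];
    foreach ($routes as $name => $route) {
        $fullName = $prefix === '' ? (string) $name : $prefix . '/' . $name;
        $authType = $route['options']['defaults']['auth_type'] ?? $inherited;

        if (!is_string($authType)) {
            $problems[$fullName] = 'no auth_type set';
            $authType = null; // nothing usable to pass down to children
        } elseif (!in_array($authType, $valid, true)) {
            $problems[$fullName] = "unknown auth_type '{$authType}'";
        }
        $problems += auditAuthTypes($route['child_routes'] ?? [], $valid, $authType, $fullName);
    }
    return $problems;
}

// Constructed sample routing config, not taken from gewisdb.
$routes = [
    'member' => [
        'type' => 'Literal',
        'options' => ['route' => '/member', 'defaults' => ['auth_type' => 'user']],
        'child_routes' => [
            'show' => ['type' => 'Segment', 'options' => ['route' => '/:id']], // inherits 'user'
        ],
    ],
    'api' => ['type' => 'Literal', 'options' => ['route' => '/api', 'defaults' => ['auth_type' => 'apii']]], // misspelled
    'health' => ['type' => 'Literal', 'options' => ['route' => '/health']], // nothing set
];

foreach (auditAuthTypes($routes, ASSUMED_VALID_AUTH_TYPES) as $route => $problem) {
    echo "{$route}: {$problem}\n";
}
```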
