ballerine-io / ballerine

Open-source infrastructure and data orchestration platform for risk decisioning

Home Page: https://www.ballerine.com

Basic Auth - Replace Backoffice Authentication Logic

alonp99 opened this issue · comments

Task Description

This task involves replacing the existing PassportJS-based authentication mechanism in our backoffice application with SuperTokens, focusing on the email and password strategy. This includes updating the authentication endpoints, session management, and integrating role-based access control specific to backoffice functionalities.

Acceptance Criteria

  • The backoffice application uses SuperTokens for all authentication processes.
  • Existing sessions are migrated to SuperTokens sessions, ensuring no user is logged out due to the transition.
  • The application maintains its role-based access control, with roles now managed via SuperTokens.
  • Comprehensive testing is conducted to ensure the authentication flow, session management, and role-based access control work seamlessly.

Implementation Instructions

1. Update Authentication Endpoints

  • Replace the PassportJS authentication logic in the login and logout endpoints with SuperTokens' SDK methods.
  • Ensure the login endpoint creates a session using SuperTokens and returns session tokens to the client.
  • Update the logout endpoint to revoke sessions using SuperTokens.

2. Session Management

  • Integrate SuperTokens middleware for session verification in the backoffice app. Ensure all protected routes check for a valid SuperTokens session.
  • Configure session parameters (like expiry, refresh intervals) in line with existing session management policies.

3. Role-Based Access Control (RBAC)

  • Map existing user roles to SuperTokens' roles system. Implement any necessary logic to assign roles to users upon login or registration.
  • Update the RBAC middleware to use SuperTokens' session data for determining a user's roles and permissions.

4. Migration Plan for Existing Sessions

  • Develop a strategy to migrate existing user sessions to SuperTokens. This may involve a script or a temporary dual-authentication system to smoothly transition users without forcing logouts.

5. Testing

  • Write unit and integration tests for the new authentication endpoints and session management logic.
  • Test role-based access control in various scenarios to ensure correct permissions are enforced.
  • Perform manual testing to cover the entire login, logout, and access control flow in the backoffice application.

Resources

Notes

Remember to secure all environment variables and sensitive configuration details. Ensure backward compatibility where necessary, and provide clear documentation for any changes in the authentication flow or session management to assist with front-end adjustments.
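Added example (not Ballerine's or SuperTokens' code) for steps 2 to 4 above: a fail-closed request-principal resolver for the temporary dual-authentication window, with the SuperTokens verification and the legacy Passport session lookup injected as hypothetical adapters so it runs offline. The cookie names `sAccessToken` and `connect.sid` are assumed defaults, and the roles and adapter data are constructed for illustration.

```typescript
type Role = "admin" | "viewer";
type Principal = { userId: string; roles: Role[]; source: "supertokens" | "legacy" };

// Hypothetical adapters: in a real app these would wrap supertokens-node's
// session verification and the old Passport/express-session store.
interface AuthAdapters {
  verifySuperTokensSession(accessToken: string): Principal | null;
  lookupLegacySession(sessionId: string): { userId: string; roles: Role[] } | null;
}

type Request = { cookies: Record<string, string | undefined> };

// Resolve the caller's identity during the migration window. Order matters:
// the SuperTokens cookie is checked first, and the legacy cookie is consulted
// only when no SuperTokens token is present at all, so a user who has already
// been migrated cannot be downgraded back onto the legacy path by a stale or
// forged legacy cookie. A present-but-invalid SuperTokens token is rejected
// outright (fail closed) rather than falling through.
function resolvePrincipal(req: Request, adapters: AuthAdapters): Principal | null {
  const accessToken = req.cookies["sAccessToken"]; // assumed SuperTokens cookie name
  if (accessToken !== undefined) {
    return adapters.verifySuperTokensSession(accessToken);
  }
  const legacyId = req.cookies["connect.sid"]; // assumed express-session cookie name
  if (legacyId === undefined) return null;
  const legacy = adapters.lookupLegacySession(legacyId);
  if (legacy === null) return null;
  // Tag the source so callers can log legacy logins and drive the migration.
  return { ...legacy, source: "legacy" };
}

// RBAC gate for protected routes: no principal, or a missing role, both deny.
function authorize(principal: Principal | null, required: Role): boolean {
  return principal !== null && principal.roles.includes(required);
}

// Constructed in-memory adapters standing in for the two session stores.
const sampleAdapters: AuthAdapters = {
  verifySuperTokensSession: (t) =>
    t === "st-valid" ? { userId: "u1", roles: ["admin"], source: "supertokens" } : null,
  lookupLegacySession: (id) =>
    id === "legacy-ok" ? { userId: "u2", roles: ["viewer"] } : null,
};
```

Once the legacy store reports no live sessions, the `connect.sid` branch is removed and only the SuperTokens path remains.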