Admin endpoints are protected by authn and authz
What we're after
The service will have several admin endpoints for running reports and making changes to customer data. The endpoints must be protected against unauthorized use.
- Authentication: UAA login is required to access admin endpoints, which are served on a different route than user-facing endpoints
- Authorization: The app will only allow authorized users (Platform Operators) to access endpoints
- If possible, the route will only be available on ZScaler
Security considerations
This is a security-critical issue, required for controlling access to admin functions. A separate issue will be made for implementing the endpoints.
Notes for implementers
- Use Chi middleware to implement authn/authz checks on admin router.
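The two checks as middleware, added here as an example and not code from this project: both functions have the func(http.Handler) http.Handler shape that chi's Router.Use accepts, so they need only net/http to run. Principal, Authenticator and the scope name platform.operator are assumed stand-ins for the real UAA login check and the Platform Operator role.

```go
package main

import (
	"context"
	"net/http"
)

// Principal is the identity established at login. A real implementation fills it
// from a validated UAA token or session; here it is a plain struct (assumption).
type Principal struct{ Scopes map[string]bool }

type principalKey struct{}

// Authenticator resolves the caller, or reports false when no valid credential is present.
type Authenticator func(r *http.Request) (Principal, bool)

// RequireAuthn has the func(http.Handler) http.Handler shape that chi's Router.Use
// accepts: unauthenticated requests get 401 and never reach an admin handler.
func RequireAuthn(auth Authenticator) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			p, ok := auth(r)
			if !ok {
				http.Error(w, "authentication required", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), principalKey{}, p)))
		})
	}
}

// RequireScope fails closed: a request with no Principal in context (RequireAuthn
// missing, or ordered after this middleware) is refused like one lacking the scope.
func RequireScope(scope string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			p, ok := r.Context().Value(principalKey{}).(Principal)
			if !ok || !p.Scopes[scope] {
				http.Error(w, "forbidden", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}
```

With chi, apply them to the admin router only and mount it on the separate route, e.g. `admin.Use(RequireAuthn(auth), RequireScope("platform.operator"))` followed by `r.Mount("/admin", admin)`, so every admin endpoint is covered and user-facing routes are untouched.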
Related issues/sub-projects
- Admin router ticket TBD