This is the API for Better Informatics that provides information about the currently logged in user.
When you log in on Better Informatics, Informatics login server (CoSign) sends Better Informatics a personalised service-only (i.e, only valid to us) login cookie. We then store this login cookie as a cookie on your machine, available to all subdomains of betterinformatics.com.
We can see that login cookie, so we take it, and ask Informatics what your UUN is. Then we use Informatics' LDAP to get your details.
Absolutely not. We set the Access-Control-Allow-Origin header, causing your browser to reject API calls sent from websites other than https://betterinformatics.com.
Found a security vulnerability? Please email qaisjp right away.
This repository uses gosign, a library to interact with CoSign daemons.
It also interacts with the cosign-webapi backend, available to Better Informatics services on TARDIS.