You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Once we have established integration with the non-authenticated endpoint, we can move on to integrating with an endpoint that requires authentication/authorization.
All available URLs (including base url, endpoint paths, etc) - can be provided through the Swagger doc
Any non-standard features of using the auth token
Any expectations for what VA.gov should provide
Any process/steps needed to register a new OAuth 2.0 client ID with the API
Process for registering/managing public/private keys
Acceptance Criteria
Controller endpoint
Tests (unit/integration)
Error handling
API service changes
Vets-api config/param store (auth related)
“Lessons learned” documented
Vets-api swagger docs updated
Demo
Demoable? Yes
How? Use an API testing tool (curl, postman, or insomnia) to hit the VA.gov endpoint and show the response
Impact? Finishing this work will pave the way for future endpoints, and proves that OAuth authZ has been completed. Ensures our test user works between both systems.
Definition of Done
All acceptance criteria are met
Documentation is updated
The text was updated successfully, but these errors were encountered:
We successfully request a token from STS. Looks good, with appropriate scopes. However, further testing shows an error on the Travel Pay API side: 401 - "Unauthorized access" I worked with Tim H on the API team, and I suggested they might have to change their issuer value. This requires an API code change and a redeploy. Dev deploys on merge, non-prod deploys manually. He doesn't think it'll take too long.
kjduensing
added a commit
to department-of-veterans-affairs/vets-api
that referenced
this issue
Apr 26, 2024
Description
Once we have established integration with the non-authenticated endpoint, we can move on to integrating with an endpoint that requires authentication/authorization.
Note: This is where having a synchronized test user across VA.gov and the BTSSS API is necessary.
Things we need from API team
Acceptance Criteria
Vets-api swagger docs updatedDemo
Definition of Done
The text was updated successfully, but these errors were encountered: