Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorized Ping endpoint integration #73503

Closed
10 of 14 tasks
kjduensing opened this issue Jan 11, 2024 · 1 comment
Closed
10 of 14 tasks

Authorized Ping endpoint integration #73503

kjduensing opened this issue Jan 11, 2024 · 1 comment
Assignees
@athifw
Labels
beneficiary-travel BTSSS VA.gov demoable This is or is part of something that would make a compelling demo

Comments

@kjduensing
Copy link
Contributor

kjduensing commented Jan 11, 2024
edited

Description

Once we have established integration with the non-authenticated endpoint, we can move on to integrating with an endpoint that requires authentication/authorization.

Note: This is where having a synchronized test user across VA.gov and the BTSSS API is necessary.

Things we need from API team

  • All available URLs (including base url, endpoint paths, etc) - can be provided through the Swagger doc
  • Any non-standard features of using the auth token
  • Any expectations for what VA.gov should provide
  • Any process/steps needed to register a new OAuth 2.0 client ID with the API
    • Process for registering/managing public/private keys

Acceptance Criteria

  • Controller endpoint
    • Tests (unit/integration)
  • Error handling
  • API service changes
  • Vets-api config/param store (auth related)
  • “Lessons learned” documented
  • Vets-api swagger docs updated

Demo

  • Demoable? Yes
  • How? Use an API testing tool (curl, postman, or insomnia) to hit the VA.gov endpoint and show the response
  • Impact? Finishing this work will pave the way for future endpoints, and proves that OAuth authZ has been completed. Ensures our test user works between both systems.

Definition of Done

  • All acceptance criteria are met
  • Documentation is updated
@kjduensing kjduensing added the beneficiary-travel BTSSS VA.gov label Jan 11, 2024
@kjduensing kjduensing changed the title AuthN/AuthZ endpoint integration Authenticated Ping endpoint integration Mar 11, 2024
@athifw athifw self-assigned this Mar 11, 2024
@kjduensing kjduensing added the demoable This is or is part of something that would make a compelling demo label Mar 15, 2024
@ayush-chak ayush-chak changed the title Authenticated Ping endpoint integration Authorized Ping endpoint integration Mar 26, 2024
This was referenced Mar 26, 2024
Merged
Merged
@athifw athifw mentioned this issue Apr 3, 2024
Merged
@kjduensing
Copy link
Contributor Author

kjduensing commented Apr 19, 2024
edited

We successfully request a token from STS. Looks good, with appropriate scopes. However, further testing shows an error on the Travel Pay API side: 401 - "Unauthorized access" I worked with Tim H on the API team, and I suggested they might have to change their issuer value. This requires an API code change and a redeploy. Dev deploys on merge, non-prod deploys manually. He doesn't think it'll take too long.

kjduensing added a commit to department-of-veterans-affairs/vets-api that referenced this issue Apr 26, 2024
@kjduensing
Fixes token access path.
778bee6 
Related to department-of-veterans-affairs/va.gov-team#73503

The BTSSS API token response structure has changed. This PR updates
the way we get the token from the repsonse accordingly.
@kjduensing kjduensing mentioned this issue Apr 26, 2024
Merged
kjduensing added a commit to department-of-veterans-affairs/vets-api that referenced this issue Apr 26, 2024
@kjduensing
Fixes token access path. (#16519)
a59f116 
Related to department-of-veterans-affairs/va.gov-team#73503

The BTSSS API token response structure has changed. This PR updates
the way we get the token from the repsonse accordingly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@athifw athifw

Labels
beneficiary-travel BTSSS VA.gov demoable This is or is part of something that would make a compelling demo
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kjduensing @athifw