DCA-9: Implement JWT-Based Access Control for Content Spaces #245

Open
sebpalluel opened this issue Jan 17, 2024 · 0 comments
DCA-9: Implement JWT-Based Access Control for Content Spaces

Description

Implement JWT-based access control for Content Spaces, focusing on secure JWT construction and access scoping. Modify the current JWT generation process to include content-specific access rights, and integrate these changes with the Bytescale API. Ensure role-based access in the back-office and content-specific access in the web platform.

Tasks

  1. JWT Settings Modification:
    • Move JWT access settings from the Next Auth JWT construction to the respective API routes (/api/bytescale/jwt/route.ts) in both web and back-office platforms.
  2. Back-Office Access Control:
    • In the back-office, use the current role from the JWT cookie to construct access authorization for the organizer space.
  3. Web Platform Access Control:
    • In the web platform, construct access rights for user spaces as currently done.
    • Modify the route to take an argument for granting access to a specific Content Space, scoping the access to read rights for that folder within the given organizer.
    • Verify user access based on NFT ownership using existing methods.
  4. Integration with Bytescale:
    • Provide the modified route to Bytescale for accessing content in Content Spaces.
  5. Regression Testing:
    • Conduct thorough testing on both web and back-office platforms to ensure there are no regressions, especially where Bytescale is used.
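The scoping in tasks 2 and 3 (role-based rights on the organizer space in the back-office, read-only rights on a single Content Space in the web platform), as an added TypeScript example that is not the project's code: the claim layout, the path convention under /organizers, the identifier pattern and the 15-minute lifetime are all assumptions made for illustration.

```typescript
// Added example: scoped claims for the web and back-office tokens, plus the
// check a resource server would apply. The claim shape ("scopes" holding a
// folder path and rights) is an assumption for illustration, not the
// Bytescale JWT schema; ids, paths and lifetimes are constructed values.
export type Right = "read" | "write";
export type Role = "admin" | "editor" | "viewer";
export interface Scope { path: string; rights: Right[] }
export interface Claims { sub: string; iat: number; exp: number; scopes: Scope[] }

const TTL_SEC = 15 * 60;
const ID = /^[A-Za-z0-9_-]{1,64}$/; // no "/" or "..", so an id cannot widen the folder

function assertId(v: string): string {
  if (!ID.test(v)) throw new Error(`invalid identifier: ${v}`);
  return v;
}

// Web platform: read-only on one content space, and only once NFT ownership
// has been verified by the caller.
export function buildWebClaims(userId: string, organizerId: string, spaceId: string,
                               ownsNft: boolean, nowSec: number): Claims | null {
  if (!ownsNft) return null;
  const path = `/organizers/${assertId(organizerId)}/content/${assertId(spaceId)}`;
  return { sub: assertId(userId), iat: nowSec, exp: nowSec + TTL_SEC,
           scopes: [{ path, rights: ["read"] }] };
}

// Back-office: the session role decides the rights on the organizer space.
export function buildBackOfficeClaims(userId: string, organizerId: string,
                                      role: Role, nowSec: number): Claims {
  const rights: Right[] = role === "viewer" ? ["read"] : ["read", "write"];
  const path = `/organizers/${assertId(organizerId)}`;
  return { sub: assertId(userId), iat: nowSec, exp: nowSec + TTL_SEC, scopes: [{ path, rights }] };
}

// Enforcement side: deny expired tokens, "." / ".." segments, and sibling
// prefixes ("/x/space1" must not match "/x/space10").
export function isAllowed(c: Claims, requested: string, right: Right, nowSec: number): boolean {
  if (nowSec >= c.exp) return false;
  const segs = requested.split("/").filter((s) => s.length > 0);
  if (segs.some((s) => s === "." || s === "..")) return false;
  const path = "/" + segs.join("/");
  return c.scopes.some((s) => s.rights.includes(right) &&
                              (path === s.path || path.startsWith(s.path + "/")));
}
```

Signing the claims and handing the token to Bytescale is left to the route's existing JWT generation; the checks in isAllowed are what any consumer of the token must apply before serving a file.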

Acceptance Criteria

  1. Secure JWT Construction: JWTs are constructed securely with appropriate access settings for each platform.
  2. Role-Based Access in Back-Office: The back-office JWT correctly reflects the user's role and grants corresponding access to the organizer space.
  3. Content-Specific Access in Web Platform: The web platform JWT grants access to specific Content Spaces, with rights scoped to read-only for the relevant folder.
  4. Correct Integration with Bytescale: The integration with Bytescale allows for the appropriate access to Content Spaces based on the modified JWTs.
  5. No Regression Issues: Ensure that the changes do not cause any regression issues in existing functionalities.

Notes

  • Prioritize security and correctness in the JWT construction process.
  • Ensure that access control mechanisms are robust and thoroughly tested.
  • Maintain compatibility with existing Bytescale integrations and functionalities.