Access token as Cookie
/proxy handler in expressjs (https://gitlab.croptrust.org/genesys-pgr/genesys-ui/blob/master/server/middleware/httpProxy.ts#L18-25) checks request cookies for
access_token and converts it to
Authorization: Bearer ... HTTP header before forwarding the request to the API server.
We need the API server to respect the
access_token cookie, not just the
Authorization HTTP request header. Maybe Spring Security libraries allow for this. If not, we need a servlet that is processed before OAuth auth servlets in the API that converts the cookie to the
Authorization: Bearer ... header.
When this is implemented, we can remove the
/proxy handler from
genesys-new-ui project and update all HTTP links that start with
/proxy/** to point to API URL directly.