Access token as Cookie
The /proxy handler in expressjs (https://gitlab.croptrust.org/genesys-pgr/genesys-ui/blob/master/server/middleware/httpProxy.ts#L18-25) checks request cookies for access_token and converts it to an Authorization: Bearer ... HTTP header before forwarding the request to the API server.
Servlet
We need the API server to respect the access_token cookie, not just the Authorization HTTP request header. Maybe the Spring Security libraries allow for this. If not, we need a servlet in the API that is processed before the OAuth auth servlets and converts the cookie to the Authorization: Bearer ... header.
When this is implemented, we can remove the /proxy handler from the genesys-new-ui project and update all HTTP links that start with /proxy/** to point to the API URL directly.
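
The cookie-to-header conversion that the /proxy handler performs and the proposed servlet would take over, as an added TypeScript example (not the genesys-ui httpProxy.ts code and not the API's servlet). The names HeaderMap, parseCookies and cookieToBearer are hypothetical; the sketch assumes lower-cased header names as Node.js delivers them, leaves an existing Authorization header untouched, and accepts only cookie values that match the RFC 6750 b64token grammar.

```typescript
// Added example: hypothetical helper, not the project's own proxy or servlet code.
type HeaderMap = Record<string, string | undefined>;

// RFC 6750 b64token: the only characters a bearer token may contain.
// Rejecting anything else keeps CR/LF, spaces and commas out of the forwarded header.
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Parse a Cookie request header into name/value pairs (first occurrence wins).
function parseCookies(header: string | undefined): Map<string, string> {
  const jar = new Map<string, string>();
  for (const part of (header ?? "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue; // no "=" or empty name
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1); // strip optional surrounding quotes
    }
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Return the headers to forward to the API server.
// Assumption: header names are already lower-cased.
function cookieToBearer(incoming: HeaderMap): HeaderMap {
  const out: HeaderMap = { ...incoming };
  if (out["authorization"]) return out; // an explicit header always wins
  const token = parseCookies(out["cookie"]).get("access_token");
  // Missing or malformed token: forward the request unauthenticated.
  if (token === undefined || !B64TOKEN.test(token)) return out;
  out["authorization"] = `Bearer ${token}`;
  return out;
}
```

Once the API accepts the cookie directly, browsers attach the token to every request automatically, so cookie-authenticated state-changing endpoints need CSRF protection (for example a SameSite attribute on the cookie).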