Web UI Authn & Authz (Tracking Issue)

[couchand]

Description

Lots of upcoming improvements to the web UI will be exposing potentially sensitive data, and a number of existing pages already do (see #23555). We don't want the web UI to be a security hole, so we need to properly authenticate & authorize users.

Related issues

Original report: #6307
Another general discussion: #18206
Obviates: #24992
Possibly related: #24989

Breakdown

Milestone	Issue	PR	Description	Progress
🛴		#25057	Environment variable to enable login	🏁
🛴	#24942	#24945	Exempt healthcheck from authn	🏁
🛴	#25171	#25195	Remember that the user has a session	🏁
🛴	#24939	#26066	UI components for login screen	🏁
🛴		#25005	Require login in web UI	🏁
🛴	#25784	#26062	Logout	🏁
🛴	#25785	#26053	Redirect to login if API call comes back forbidden	🏁
🗑	#25771		Race condition during startup	🗑
🚲			Audit API endpoints for authn	🏁
🚗	#26518	#28207	Remove environment variable/require login	👥
🚗	#24992	#28209	Clean up remote_debugging setting checks	👥
🚀	#8767		Run API requests as the authenticated user	📄
🚀	#25526		Anonymous-access version of web UI	📄
🚀	#25044		Single-sign on	📄
🚀			Fine-grained permissioning for web UI-specific data.	📄

Legend

Category	Icon	Description
Milestone
.	🛴	POC
.	🚲	MVP
.	🚗	Release
.	🚀	Future Work
Progress
.	📄	Not Started
.	✍️	In Progress
.	👥	In Review
.	🏁	Merged
.	🚷	Blocked

[jordanlewis]

We've had this for some time now.