[Portal - BDRS IF] Transition from API Key to Technical User Authentication for BDRS Integration

[tfjanjua]

Description

We need to update the authentication mechanism for our portal's integration with the BDRS. The current implementation uses an API Key, but it is needed to switch to a new authentication method using a technical user with client ID and secret. The endpoints the portal is hitting remain unchanged, however, the error handling got improved to support the new errors provided with the technical user authentication method.

Acceptance Criteria

1. Replace the API Key authentication with the technical user credentials (client ID and secret).
   [Portal - BDRS IF] Transition from API Key to Technical User Authentication for BDRS Integration portal#456

2. Ensure that all existing endpoints are reachable and fully functional with the new authentication method.

3. Update the error handling to support the new errors specific to technical user authentication.

4. Test all endpoints to ensure that the new authentication is working as expected.

5. Update any documentation to reflect the change in the authentication method.

Tasks

• The portal application's seeding files need to be updated to reflect the latest roles and rights in Keycloak. This includes:

1. Update user_roles.json with the following new roles:

BDRS Management; offer_id: 0ffcb416-1101-4ba6-8d4a-a9dfa31745a4

2. Update user_role_descriptions.json with descriptions for the new roles in both German and English.

BDRS Management
de: “Erstellen und verwalten Sie BPN/DID-Datensätze im BDRS Service.“
en: “Create and manage BPN/DID records inside the service BDRS.“

3. Modify user_role_assigned_collections.json to link the new roles exclusively to the "Operator" collection.

BDRS Management to be assigned to "Operator" collection

4. Enhance company_service_accounts.json with the following service accounts and their descriptions:

sa-cl25-01
Description: This client/technical user will be used to communicate between portal and BDRS to store new BPNL/DID connections.

5. Enhance identities.json with the following service accounts and their descriptions:

sa-cl25-01

id: b28aaf44-acd6-4b77-879b-398fdec28c8b
date_created: 01.10.2024
company_id: {operator company id}
user_status_id: 1
user_entity_id: null
identity_type_id: 2
date_last_changed: null
last_editor_id: null

6. Update identity_assigned_roles.json to link new service accounts to their respective roles as defined in user_roles.json.

sa-cl25-01 assigned to BDRS Management

• Obtain the client ID and secret for the technical user from the BDRS team.
• Update the authentication module in portal to use the technical user's client ID and secret instead of the API Key.
• Conduct thorough testing on all endpoints to validate the new authentication mechanism.
• Update the integration documentation to outline the changes in the authentication process.

Expected Result / Test Cases

Functionality and Test Cases should work as they are working right now, this change will only transform the way of calling BDRS service.

[MaximilianHauer]

@tfjanjua we are currently focusing on stabilizing the 24.12 release it may take a bit until we focus on new features