Request - Provider Auth Config should not protect based on HTTP Verb

[joneubank]

Summary of request

This is a proposal for updating the AuthConfig. I am looking for comments and feedback on approach before modifying the existing setup.

The current AuthConfig for the lyric data provider requests a list of HTTP Verbs for enabling auth for data access. In practice, we want all auth enabled by default. Instead of configuring auth by verbs, we should include functional groups of endpoints that we can opt to disable auth for.

The expected case for this is a data repository that allows public read of submitted data but restricts writes.

Details

1. Remove ProtectedMethods array from auth (and from config options in server implementation).
2. Ensure auth is always enabled by default
3. Update the auth config to include the following options
   • allowPublicReadData
   • allowPublicWriteData
   • allowPublicManageCategoriesAndDictionaries

If any of the allow options are enabled, functions that perform the listed action will not perform any auth checks on the incoming requests.

Note

There may be some endpoints that do not have any auth enabled by default, these are unaffected by this issue.

[joneubank]

Rephrasing for clarity: the intention of the flags that would replace the protected methods array is to have a setting that would disable all auth checks for a set of endponts with related functionality. The groupings proposed above would be more clearly stated as:

• disable auth checks for reading submitted data
• disable auth checks for submitting data
• disable auth checks for registering new categories or updating new dictionaries

[joneubank]

Initial agreement for points 1 and 2 above, we want auth to be enabled by default and not dependent on the request method.

We should remove the protectedMethods property from the Lyric AuthConfig and remove the section of code in the shouldBypassAuth method that relies on it. We can then also remove any server config properties where the user sets the value of this array.