Integrations Team Liaisons
- Jason Burns, Authentication Liaison (https://github.com/jasonb315)
- Andrew Curtis, GraphQL API Liaison (https://github.com/amjcurtis)
Authentication Team
- Tanner Percival, Lead Developer (https://github.com/Tanner253)
- Andrew Roska, Developer (https://github.com/Roketsu86)
- Ben Taylor, Developer (https://github.com/BenSTay)
GraphQL Team
- Daniel Logerstedt, Lead Developer (https://github.com/daniellogerstedt)
- Ian Gifford, Developer (https://github.com/IanGifford261)
- Michael Kelly, Developer (https://github.com/Michael-S-Kelly)
- Christopher Morton, Developer (https://github.com/cmorto02)
Utilize OAuth for Google and GitHub through Auth0 (Library of OAuth providers) to quickly and seamlessly allow users to register and use the site as intended. Note that with Auth0 there is a default and mandatory timeout for the access token where a new one is generated on login or register. This means that the access token is not persistant and so is challenging to validate.
Build a responsive GraphQL API endpoint that has the ability to perform full CRUD operations with an attached database for storing professional competency reviews and comments based on the list of core competencies.
Authentication and GraphQL API server, and database code for the back-end portion of the Curve app prototype.
Use Auth0 Use GraphQL Utilize multiple user roles Maximize security
The API is deployed on Azure: https://cfcurve.azurewebsites.net/graphql
ASP.NET Core GraphQL JWT Auth0 Entity Framework SQL Server Swagger docs
We chose to use Auth0 was because the client wanted the app to implement OAuth to allow multiple login services, and Auth0 handles the requests and responses of verification securely. We utilize a controller to handle the actions to and from Auth0 and a model to store the proper data to authenticate the user.
GraphQL was chosen for use in building the API because it was a hard requirement of the client. It was decided this would be used by the client because it allows dynamic and quick loading of data from the database that isn't restricted to a specific shape or type.
Clone this repository to your local machine.
$ git clone https://github.com/CodeFellows-Curve/dotnet-api.git
-
Select
File
->Open
->Project/Solution
-
Next navigate to the location you cloned the Repository.
-
Double click on the
dotnet-api
directory. -
Then select and open
curve-api.sln
-
Click the IIS Express button at the top.
-
Follow steps 1 - 4 of running.
-
Click
Test
menu -
Select
Run All Tests
0900-0915: Debrief, assign work for the day 1000-1015: Meeting of all Curve project teams and clients 1100-1115: Standup meeting to sync with project manager and Integrations team 1600-1630 PM : Standup to sync and do daily retro
GraphQL Team Schedule
- 0900-0915: Meet up for internal team plan of the day.
- 1030-1045: Standup meeting.
- 1100-1130: Team leadership meeting.
- 1200-1300: Break for lunch as needed.
- 1300-1600: Work with other teams.
- 1600-1630: Standup meeting.
- 1630-1700: Work with other teams.
- 1700-1730: Scrum of Scrums.
- 1730-1800: End of day wrap up work.
The front end handles retrieval of the token and the authentication of a user.
The GraphQL endpoint can currently receive queries to GET, POST, and PUT data as requested.
- Cannot send user information over http requests (security vulnerability)
- CANNOT use GraphQL and a form of authentication through Auth0
- MUST validate access token with Auth0 at frequent intervals due to automatic token timeout. Every request generates a different token, so persistence is difficult to manage, though the necessity of renewing the token so often does offer a security advantage.
- Adding more roles to facilitate more or less accessibility per user.
- If we were not using GraphQL or this project was in one repo most of the issues would be solved more easily.
Increase security for authorization for the data access from the front end
- Implement a return for delete functionality to prevent errors in GraphiQL and verify delete is properly completed
- More in-depth testing of GraphQL endpoint
- Build side-by-side REST API?
- Implement more policy controls and security
Look into GraphQL Resource #2 thoroughly (see below).
https://github.com/CodeFellows-Curve/dotnet-api/blob/pre-staging/curve-api/curve-api/README-Auth.md