...
Jira Legacy server System JIRA serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key ARCHBOM-107 AUTHENTICATION_CLASSESis a default setting for DRF endpoints.This would enable the use of JwtAuthentication from most edx-platform DRF endpoints.
DRF endpoints that override the default should be reviewed to see if the override can be deleted, once there is a sane default.
Order is an open question: JwtAuthentication before or after SessionAuthentication?
Unfortunately, due to differences noted in DEPR(#165), order matters.
Also, order matters until ARCHBOM-1218 is implemented.
For rollout, propose to add a custom version of BasicAuthentication in edx-platform that adds some monitoring to see how and if it is used in Production.
It would be good to drop BasicAuthentication from the defaults if we don’t actually want it.
Jira Legacy server System JIRA serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key ARCHBOM-1218 A fresh ticket is probably in order here. I’m not clear on the final proposed solution, and where we need monitoring along the way, but this definitely adds complexity to our authentication, and I think there is a simpler way.
(“unfinished”)Jira Legacy server System JIRA serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key ARCHBOM-1181 Not sure if this has any additional useful context, or is redundant and should be forgotten.
(“unfinished”)Jira Legacy server System JIRA serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key ARCHBOM-1183
(“unfinished”)Jira Legacy server System JIRA serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key ARCHBOM-1074 Adding an endpoint to LMS to expose the public signing keys. (Unticketed)
This would simplify key rotation. It came up at 2U for non-Open edX platform applications that may use the JWT cookie for SSO.
Simpler authentication
These changes should simplify authentication, which may affect engineers in certain cases, but possibly not as directly as the “Easier to use” category.
...