
JWT Token

Every 3C domain sets a cookie named token in production and token_stage in staging; this cookie carries the JWT we authenticate against. Which environment the machine belongs to (production or staging) is read from the localSettings file, where it is set manually.

Authentication is performed on every request, not once per session: a user's access can change at any time, and when access is revoked the revocation must take effect as soon as possible. The token verification and the database checks below are therefore re-evaluated per request, and their outcome must not be cached across requests.

To authenticate a user we verify the token's signature and only then extract its claims. The signing keys are published as a JWKS; for staging use https://stage-api.threecolts.com/.well-known/jwks.json. The production JWKS URL will be provided later. Pick the verification key by the kid in the token header, accept only tokens whose signature verifies with a key from that set (reject unsigned tokens and tokens with an unknown kid), and reject expired tokens.

Once the token is verified and decoded, its claims contain three sections: user, organization and products.

Authorization is then checked against the hub_alpha database, in this order:

1. Select the single row of hub_alpha>threecolts_app (there is only one record). Its app_name must appear in the token's products array; if it does not, the user has no access to this app.
2. Look up the hub_alpha>user row whose threecolts_user_id equals user.id from the decoded token; this gives our hub_alpha>user>id.
3. The product_account_id must equal one of the hub_alpha>client>id values.
4. hub_alpha>client_user must contain a row holding both that hub_alpha>user>id and that hub_alpha>client>id.

Only if every check succeeds is the user considered authenticated. Otherwise redirect them to https://manager.threecolts.com/v2/login?source=app_name, where app_name is the value from hub_alpha>threecolts_app; for stage/dev use the stage-manager.threecolts.com host instead.

Once the user is authenticated they must be sent to the correct machine/database. Compare the request's current domain with the domain stored in hub_alpha>client>domain:

- If they match, or the stored domain is a localhost variant or a static IP, connect to that database directly.
- Otherwise forward the user to the stored domain, but only if it ends in ".threecolts.com", and let authentication be handled there. Check the suffix including the leading dot, so that domains such as evil-threecolts.com or threecolts.com.example are not treated as ours; this is what keeps the forward from becoming an open redirect.
- If none of these cases applies, return HTTP status 421 (Misdirected Request).
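The access checks and the routing decision above, as an added example that is not the Hemi UI or 3C SSO code. It assumes the token has already been signature-verified against the JWKS by a JWT library and takes the decoded claims as input; the hub_alpha tables are replaced by constructed in-memory dictionaries with the column names from this page, the product entries are assumed to carry app_name and product_account_id, and the app name, user ids, client ids and domains are made-up sample values. The environment names "production" and "staging" are also an assumption.

```python
import ipaddress
from urllib.parse import urlencode

# --- Constructed in-memory stand-ins for the hub_alpha tables (sample data, not real records) ---
# Column names follow the page's hub_alpha>table>column notation; the values are made up.
THREECOLTS_APP = {"app_name": "hemi"}          # hub_alpha>threecolts_app (single row); app name assumed
USERS = {101: {"threecolts_user_id": "u-42"}}  # hub_alpha>user: id -> threecolts_user_id
CLIENTS = {                                    # hub_alpha>client: id -> domain
    7: {"domain": "acme.threecolts.com"},
    8: {"domain": "localhost"},
    9: {"domain": "evil-threecolts.com"},      # not ours: must never be forwarded to
}
CLIENT_USER = {(101, 7), (101, 8)}             # hub_alpha>client_user rows: (user id, client id)

COOKIE_NAME = {"production": "token", "staging": "token_stage"}
LOGIN_HOST = {"production": "manager.threecolts.com", "staging": "stage-manager.threecolts.com"}

# Constructed claims, as they would look after a JWT library verified the signature against the JWKS.
# The field names inside "products" (app_name, product_account_id) are an assumption.
SAMPLE_CLAIMS = {
    "user": {"id": "u-42"},
    "organization": {"id": "org-1"},
    "products": [{"app_name": "hemi", "product_account_id": 7}],
}


def login_redirect(env, app_name):
    """Login URL from the page; stage/dev use the stage-manager host."""
    return f"https://{LOGIN_HOST[env]}/v2/login?" + urlencode({"source": app_name})


def authorize(claims, env):
    """Run the page's four checks against already-verified claims, on every request.
    Returns ("ok", user_id, client_id) or ("redirect", login_url)."""
    app_name = THREECOLTS_APP["app_name"]
    denied = ("redirect", login_redirect(env, app_name))
    # 1. app_name must be present in the token's products array
    matching = [p for p in claims.get("products", []) if p.get("app_name") == app_name]
    if not matching:
        return denied
    # 2. token user.id -> hub_alpha>user>threecolts_user_id, yielding our hub_alpha>user>id
    tc_user_id = claims.get("user", {}).get("id")
    user_ids = [uid for uid, row in USERS.items() if row["threecolts_user_id"] == tc_user_id]
    if len(user_ids) != 1:
        return denied
    user_id = user_ids[0]
    # 3. product_account_id must be one of hub_alpha>client>id, and
    # 4. (user_id, client_id) must be a row in hub_alpha>client_user
    for product in matching:
        client_id = product.get("product_account_id")
        if client_id in CLIENTS and (user_id, client_id) in CLIENT_USER:
            return ("ok", user_id, client_id)
    return denied


def _host_only(host):
    """Lowercase hostname without trailing dot or :port (hostnames/IPv4; IPv6 literals not handled)."""
    return host.lower().rstrip(".").split(":", 1)[0]


def is_static_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_threecolts_domain(host):
    """Suffix check with the leading dot: 'evil-threecolts.com' and 'threecolts.com.example' fail."""
    return _host_only(host).endswith(".threecolts.com")


def route(request_host, client_id, path="/"):
    """Decide where an authenticated user goes.
    Returns ("connect", domain), ("redirect", url) or ("error", 421)."""
    target = CLIENTS[client_id]["domain"]
    current, dest = _host_only(request_host), _host_only(target)
    if current == dest or dest == "localhost" or is_static_ip(dest):
        return ("connect", dest)                        # same machine: use this client's database
    if is_threecolts_domain(dest):
        return ("redirect", f"https://{target}{path}")  # other 3C domain: it authenticates the user itself
    return ("error", 421)                               # neither ours nor local: Misdirected Request


if __name__ == "__main__":
    outcome = authorize(SAMPLE_CLAIMS, "staging")
    print("authorize:", outcome)
    if outcome[0] == "ok":
        print("route:", route("hemi.threecolts.com", outcome[2]))
```

Every failed check collapses to the same login redirect so a caller cannot learn which of the four checks failed, and the forward in route() is gated on the dotted suffix rather than a substring match.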
