Working with IDT
See this section of the Caseflow APIs wiki page.
Instead of continuously using a Rails session cookie set by the SSO login flow, IDT first ties a user session to a bearer token, then uses the bearer token to authenticate subsequent API calls:
- IDT calls GET /idt/api/v1/token to generate a one-time key and token pair. Caseflow stores this mapping in Redis.
- User logs in to Caseflow via web browser.
- User calls GET /idt/auth?one_time_key=OTK while logged in. Caseflow discards the one-time key and stores the mapping between the token and the user's CSS ID in Redis.
- IDT authenticates subsequent calls with the token.
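The four steps above can be modelled offline to see why an unactivated token resolves to nobody and why a one-time key cannot be redeemed twice. This is an added sketch, not Caseflow's code: `MemoryStore` stands in for Redis, and the `TokenHandshake` class, its key prefixes and its TTL values are all assumptions.

```ruby
require "securerandom"

# Hypothetical in-memory stand-in for Redis so the example runs offline.
class MemoryStore
  def initialize(clock)
    @clock, @data = clock, {}
  end
  def set(key, value, ttl)
    @data[key] = [value, @clock.call + ttl]
  end
  def get(key)
    value, expires_at = @data[key]
    value if expires_at && expires_at > @clock.call
  end
  def delete(key)
    @data.delete(key)
  end
end

# Sketch of the handshake. Class name, key prefixes and TTLs are assumptions.
class TokenHandshake
  OTK_PREFIX = "otk:"
  TOKEN_PREFIX = "token:"
  OTK_TTL = 600
  TOKEN_TTL = 7 * 24 * 3600
  def initialize(store)
    @store = store
  end

  # Step 1: issue a pair; the token is not tied to any user yet.
  def issue
    otk, token = SecureRandom.hex(16), SecureRandom.hex(64)
    @store.set(OTK_PREFIX + otk, token, OTK_TTL)
    [otk, token]
  end

  # Step 3: a logged-in user redeems the key, which is discarded on first use.
  def activate(otk, css_id)
    token = @store.get(OTK_PREFIX + otk)
    @store.delete(OTK_PREFIX + otk)
    return false unless token
    @store.set(TOKEN_PREFIX + token, css_id, TOKEN_TTL)
    true
  end

  # Step 4: resolve a bearer token; nil if never activated or expired.
  def css_id_for(token)
    @store.get(TOKEN_PREFIX + token)
  end
end
```

Construct it with `TokenHandshake.new(MemoryStore.new(-> { Time.now.to_i }))`; passing a different clock lambda lets you step past either TTL and watch the key or token stop resolving.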
Looking up a user for a token
Idt::Token.associated_css_id("a-long-128-byte-string")
Looking up a token for a user
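cli = Idt::Token.client
# KEYS walks the entire Redis keyspace; fine for a one-off console lookup.
keys = cli.keys("#{Idt::Token::VALID_TOKENS_KEY}*")
# Each match is the full Redis key (prefix + token), which is what cli.ttl expects below.
token = keys.find { |k| cli.get(k) == user.css_id }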
If token ends up being nil, that means the user has not successfully authenticated to IDT yet.
Calculating token age and expiration
To determine when a token will expire:
Time.zone.now + cli.ttl(token).seconds
The same TTL also reveals when the token was activated, assuming the TTL value has not changed in the code since then:
Time.zone.now + cli.ttl(token).seconds - Idt::Token::TOKEN_VALIDITY_IN_SECONDS.seconds
Pre-loading tokens for users
Sometimes it is helpful to manually assign preset IDT tokens to user accounts. For example, when doing integration testing against IDT in UAT or demo environments, the usual authentication process is cumbersome and can be bypassed.
def activate(token, css_id)
  cli = Idt::Token.client
  key = Idt::Token::VALID_TOKENS_KEY + token
  cli.set(key, css_id)
  cli.expire(key, Idt::Token::TOKEN_VALIDITY_IN_SECONDS)
end

# example call:
activate("12345", "BVAAABSHIRE")

# and to verify:
Idt::Token.associated_css_id("12345")