API authentication, add users to replace basic auth

[plutov]

There are 2 types of API routes:

• Private: for admins. Starts with /app
• Public: for respondents. Starts with /surveys

While public one can be open, the private is better to be protected as it can be used to manage the surveys.

Proposal:

• Introduce JWT-based auth for these endpoints
• Frontend to retrieve the JWT token and use it for requests
• That means we probably need to introduce user(s) instead of basic auth

[Rathish-Rajendran]

Hi plutov,
I would love to implement this feature.
Can you kindly elaborate on what is exactly needed with more details?

Thanks!

[syfuuu]

@plutov i can work on this. Please mention by username if @Rathish-Rajendran didn't pick it up.

[Rathish-Rajendran]

@plutov can you kindly elaborate on this feature?

[plutov]

Sure, there is an admin console to manage surveys and see the responses, it is already protected by simple basic http auth, but API endpoints are not. My idea is to have JWT-based authentication there.

[Ibukun-tech]

can I be assigned this @plutov?
you want a security enhancement to the application by adding JWT-based authentication to the API endpoints.

[plutov]

@Ibukun-tech sure