We need to associate the current user to a group so that we can check what permissions they have.
We cannot use emails as these can be de-coupled from our IDP.
We want to have this data as human readable as possible so it can be either managed by sheet or the tooling around management can be very simple.
Data
A DA Org will have an IMS Org property (812B47145DC5A2450A495C14@AdobeOrg)
An admin will add the associated groups to a group sheet.
Human readable group name (DA Admins)
Ident (837516886)
An admin will add paths + group names to an auth sheet.
/* | DA Admins, aec-authors | write
/products/photoshop | event-authors | write
Auth flow
On first authenticated request, we match the user's groups to the sheet groups for the DA org. This keeps the list of groups we store with their user to a minimum. There are a lot of random groups in an org and we don't want the session data to be noisy.
We then take their groups and match longest path + most permissive group of the user.
MVP
Get the organization for the provided auth token (currently signed in user).
Provide a picker for the groups associated with the current auth token.
Add the selected groups to the group sheet.
What this gets us
We have an easy way to map human readable groups to their ident number.
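An added sketch of the auth flow described in this issue (not code from the issue or the project): it trims a user's groups to those in the group sheet, then resolves a request path by longest matching path with ties going to the most permissive action. Assumptions: all function names are hypothetical, a `read` action exists and ranks below `write`, sheet paths match on whole path segments, and every ident except the DA Admins one is constructed.

```javascript
// Constructed sample data modelled on the issue's sheets. Only the
// "DA Admins" ident (837516886) comes from the issue; the rest is made up.
const GROUP_SHEET = [
  { name: 'DA Admins', ident: '837516886' },
  { name: 'aec-authors', ident: '100000001' },
  { name: 'event-authors', ident: '100000002' },
];
const AUTH_SHEET = [
  { path: '/*', groups: ['DA Admins', 'aec-authors'], action: 'write' },
  { path: '/products/photoshop', groups: ['event-authors'], action: 'write' },
  { path: '/products', groups: ['event-authors'], action: 'read' },
];
// Assumed ranking; the issue itself only shows "write".
const RANK = new Map([['read', 1], ['write', 2]]);

// Step 1: keep only the user's groups that appear in the group sheet,
// so unrelated org groups never reach the session.
function sessionGroups(userIdents, groupSheet) {
  const wanted = new Set(userIdents.map(String));
  return groupSheet.filter((g) => wanted.has(String(g.ident))).map((g) => g.name);
}

// Length of the matched prefix, or -1 when the rule does not cover the path.
// Matching stops at a segment boundary, so "/products/photoshop" does not
// cover "/products/photoshop-elements".
function matchLength(rulePath, reqPath) {
  const base = rulePath.replace(/\/\*$/, '').replace(/\/$/, '');
  if (base === '') return 0; // "/*" covers every path
  if (reqPath === base || reqPath.startsWith(`${base}/`)) return base.length;
  return -1;
}

// Step 2: longest matching path wins; ties go to the most permissive action.
function resolve(reqPath, groups, authSheet) {
  let best = null;
  for (const row of authSheet) {
    if (!row.groups.some((g) => groups.includes(g))) continue;
    if (!RANK.has(row.action)) continue; // unknown or misspelled action grants nothing
    const len = matchLength(row.path, reqPath);
    if (len < 0) continue;
    const better = !best || len > best.len
      || (len === best.len && RANK.get(row.action) > RANK.get(best.action));
    if (better) best = { len, action: row.action };
  }
  return best ? best.action : null; // null means no rule applies: deny
}
```

A row whose action is not in the ranking is skipped rather than treated as a grant, so a misspelled cell in a hand-edited sheet fails closed.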