Fwd: Update: Security Updates After Deployment - GIG Service


Malith Jayasinghe

Oct 7, 2024, 10:13:57 AM
to LDF Dev, Visal Vitharana (Intern)


---------- Forwarded message ---------
From: Visal Vitharana (Intern) <vi...@wso2.com>
Date: Wed, Sep 25, 2024 at 10:10 AM
Subject: Update: Security Updates After Deployment - GIG Service
To: <mal...@datafoundation.lk>


Hi all,

This email summarizes the security updates made following the deployment of the gig service backend in Choreo.

Purpose:
To enhance security, we implemented OAuth 2.0 for endpoints, which were previously unsecured except for certain data-entry endpoints. This update ensures that only authorized requests can access sensitive data.

Changes Made:

  1. Frontend OAuth 2.0 Token Generation:
    Updated the Org Chart frontend to generate tokens using Choreo's managed authentication (client_credentials) to secure API access.

  2. Frontend Adjustments:
    Modified the frontend to handle new secured backend requests effectively.

  3. Error Handling:
    Added error handling for invalid tokens, specifically to manage scenarios involving invalid credentials.

  4. API Call Updates:
    Updated API calls to include the new Authorization header for requests to endpoints secured with OAuth 2.0.

As a result of these changes, only components connected to the backend in Choreo are now permitted to fetch data from the secured endpoints.

For a detailed review of these updates, please refer to the PR: Org Chart Frontend Security Updates.

Best regards,
Visal.


--
Visal Vitharana | Intern Software Engineer | WSO2
(m)  +94 76 712 3972      |      (e)  vi...@wso2.com
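
Added example (not part of the original email and not the Org Chart project's code): a sketch of the client_credentials token request, the Authorization header, and the invalid-token handling that the email lists. The endpoint URLs, credential names and the `createApiClient` / `TokenError` helpers are hypothetical, and it assumes the code runs where the client secret is not shipped to the browser.

```javascript
// Added illustration; every name, URL and credential is a hypothetical placeholder.
class TokenError extends Error {}

function createApiClient({ tokenUrl, clientId, clientSecret,
                           fetchImpl = globalThis.fetch, now = Date.now }) {
  let cached = null; // { token, expiresAt } kept in memory only

  async function getToken(forceRefresh = false) {
    if (!forceRefresh && cached && now() < cached.expiresAt) return cached.token;
    const basic = btoa(`${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`);
    const res = await fetchImpl(tokenUrl, {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        Authorization: `Basic ${basic}`,
      },
      body: "grant_type=client_credentials",
    });
    const body = await res.json().catch(() => ({}));
    if (!res.ok || !body.access_token) {
      // RFC 6749 section 5.2: "invalid_client" means the credentials were rejected.
      cached = null;
      throw new TokenError(body.error || `token endpoint returned ${res.status}`);
    }
    // Treat the token as expired 30 s early so it never lapses mid-request.
    cached = { token: body.access_token, expiresAt: now() + (body.expires_in - 30) * 1000 };
    return cached.token;
  }

  async function call(url, init = {}) {
    for (let attempt = 0; attempt < 2; attempt++) {
      const token = await getToken(attempt > 0); // second pass forces a new token
      const headers = { ...init.headers, Authorization: `Bearer ${token}` };
      const res = await fetchImpl(url, { ...init, headers });
      if (res.status !== 401) return res;
    }
    throw new TokenError("API rejected a freshly issued token");
  }

  return { getToken, call };
}
```

A 401 from the API triggers exactly one token refresh and retry; rejected credentials surface as a `TokenError` instead of being retried.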

