Integration of Backend Package with Hydra for API Calls Authentication in Bruno
Description
As part of enhancing the security and authentication mechanisms for our Admin UI, we have introduced an authentication solution leveraging Kratos for user management and Hydra for OAuth2 and OpenID Connect protocols. This solution effectively secures access to the Admin UI and API calls by requiring access tokens.
To align with this new authentication approach, the API calls now also require access tokens in Bruno. We need a robust, secure method to obtain and use access tokens for API communication in Bruno.
It's important to keep this secure while remaining as simple and straightforward as possible.
Approach
One approach would be to use the pre-registered Hydra client that is already created in the localenv setup. We could expand this seeding script to pre-register a user directly through the Kratos Admin APIs, avoiding the email interactions. Bruno would then need to make two calls: one to log the user in and one to exchange the authorisation code for an access token, which would then be available for dev and demo purposes. Or we could take it a step further and run the login step in the script itself, extract the token, and set it as an environment variable in Bruno.
We should also add an authentication flow to Bruno so anyone can see the calls required to register, log in, and obtain access tokens. Both Kratos and Hydra are driven by API calls, so there is no reason Bruno can't implement this flow.
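As an added illustration (not the project's code), the sketch below shows the seeding-script steps proposed above in Python: creating a user through the Kratos Admin API, running the Kratos native (API) login flow, exchanging an authorisation code at Hydra's token endpoint, and rendering the result into a Bruno environment file. The Ory ports, the `default` schema id, the client id/secret, the redirect URI and the `.bru` file syntax are assumptions to be adapted to the localenv; the HTTP transport is injectable so the call sequence can be checked without a running stack.

```python
"""Dev/demo token bootstrap for Ory Kratos + Hydra, exported for Bruno.
Added example, not project code. Endpoints, schema id, client credentials
and the Bruno environment file layout are assumptions."""
import base64
import json
from urllib import parse, request
from urllib.error import HTTPError

# Assumed localenv endpoints (Ory's default ports).
KRATOS_ADMIN = "http://127.0.0.1:4434"
KRATOS_PUBLIC = "http://127.0.0.1:4433"
HYDRA_PUBLIC = "http://127.0.0.1:4444"


def http_send(method, url, data=None, headers=None):
    """Default transport: send raw bytes, return the decoded JSON body.
    A 4xx/5xx surfaces the server's error text so a failed seeding step
    is visible instead of silently yielding no token."""
    req = request.Request(url, data=data, method=method, headers=headers or {})
    try:
        with request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except HTTPError as err:
        raise RuntimeError(f"{method} {url} -> {err.code}: {err.read().decode()}") from err


def send_json(send, method, url, payload=None):
    data = None if payload is None else json.dumps(payload).encode()
    return send(method, url, data,
                {"Content-Type": "application/json", "Accept": "application/json"})


def create_identity(email, password, send=http_send):
    """Pre-register a user via the Kratos Admin API, skipping the e-mail round trip.
    'default' is the assumed identity schema id of the localenv."""
    body = {
        "schema_id": "default",
        "traits": {"email": email},
        "credentials": {"password": {"config": {"password": password}}},
    }
    identity = send_json(send, "POST", f"{KRATOS_ADMIN}/admin/identities", body)
    return identity["id"]


def kratos_api_login(email, password, send=http_send):
    """Kratos native login flow: initialise a flow, then submit the password
    method to the flow's own action URL. Returns the Kratos session token."""
    flow = send_json(send, "GET", f"{KRATOS_PUBLIC}/self-service/login/api")
    result = send_json(send, "POST", flow["ui"]["action"],
                       {"method": "password", "identifier": email, "password": password})
    return result["session_token"]


def exchange_code(code, client_id, client_secret, redirect_uri, send=http_send):
    """Authorisation-code exchange at Hydra's token endpoint (RFC 6749 4.1.3):
    form-encoded body, client authenticated with HTTP Basic."""
    form = parse.urlencode({"grant_type": "authorization_code", "code": code,
                            "redirect_uri": redirect_uri}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    token = send("POST", f"{HYDRA_PUBLIC}/oauth2/token", form,
                 {"Content-Type": "application/x-www-form-urlencoded",
                  "Authorization": f"Basic {basic}"})
    return validate_token_response(token)


def validate_token_response(token):
    """Refuse to export anything that is not a usable, unexpired Bearer token."""
    if str(token.get("token_type", "")).lower() != "bearer":
        raise ValueError(f"unexpected token_type: {token.get('token_type')!r}")
    if not token.get("access_token"):
        raise ValueError("token response has no access_token")
    if int(token.get("expires_in", 0)) <= 0:
        raise ValueError("token already expired")
    return token


def render_bruno_env(variables):
    """Render a Bruno environment file body (assumed `.bru` vars block layout).
    A file holding a dev token belongs in a git-ignored environment."""
    lines = ["vars {"] + [f"  {k}: {v}" for k, v in variables.items()] + ["}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Seeding path: create the demo user, log in, write the session token for Bruno.
    create_identity("demo@example.test", "demo-password", )
    session = kratos_api_login("demo@example.test", "demo-password")
    env = render_bruno_env({"kratosUrl": KRATOS_PUBLIC, "hydraUrl": HYDRA_PUBLIC,
                            "sessionToken": session})
    with open("environments/localenv.bru", "w", encoding="utf-8") as fh:  # assumed path
        fh.write(env)
```

`exchange_code` is the call Bruno itself makes after the browser-side authorisation step returns a code; `kratos_api_login` and `create_identity` are the two calls the seeding script would add on top of the existing Hydra client registration.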
Other approaches should also be considered.