Create Services/Auth authored by Nicolas Pope
The authentication and authorization service is responsible for all login and account management, as well as providing access tokens that other services can check to authorize access to resources.
# Key Requirements
* Uses a docker container(s)
* Provides a REST API using JSON which can be mounted to a HTTP endpoint with a reverse proxy in nginx.
* Generates session IDs that can be in both cookies or the Authorization header.
* The session ID or token either provides all capabilities directly (JWT) or is an ID that then provides a full token inside Redis.
* Users are associated to a set of groups, each group being identified by a unique ID. Resources in other services are then assigned to one or more groups. The group information of users must be in the access token as a list of all groups they belong to.
* This service must manage these groups allowing for CRUD operations.
* Admin users can create new user accounts (CRUD)
* Users can edit their account details and change their password
* Login using URL username and password (Basic auth) needs to be possible for websockets.
\ No newline at end of file
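Review bot: The last requirement, "Login using URL username and password (Basic auth) needs to be possible for websockets", puts the password in the request URL, and the second requirement routes every request through an nginx reverse proxy, so the page should say how those URLs are kept out of the proxy's access logs. Suggest limiting this path to a one-time exchange of the credentials for a session ID or short-lived token, over TLS only, and stating that in the requirement. The token requirements also leave expiry and revocation unspecified: with the JWT option a group or password change does not take effect until the token expires, whereas the Redis-backed ID can be deleted server-side, so the page should either pick one or state a maximum token lifetime.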