IDP: Frontend changes on authentication #5442

Open
2 tasks
carmenfan opened this issue Mar 3, 2025 · 0 comments

carmenfan commented Mar 3, 2025

Description

Parent issue: #5356
Requires: #5412

With #5412, the way we authenticate users has changed, and the following flows are now removed:

  • all AAD routes (link/unlink, sign up, authenticate, etc.)
  • forgot password
  • reset password
  • signup
  • verify
  • login (username and password)

So any frontend logic around these flows can also be removed.

Instead, authentication now exclusively happens via an OAuth flow with Frontegg. A page has been added in #5356. However, we need to add an additional authentication flow when the user tries to access any data on a specific teamspace.

The session now needs to be authenticated against a particular teamspace in order for the data to be released. When the user first logs in, they will already be authenticated against a teamspace (typically the last teamspace they were authenticated against); this information is available via the GET login request.

To authenticate the user against another teamspace, the OAuth workflow will need to be triggered again with a different endpoint to fetch the authentication link:

  • /authentication/authenticate/{teamspace}

Note that this route is only available if the user has a valid session with the server and is a member of the teamspace. Upon success, the authenticatedTeamspace field available via the GET login request will be updated.

Specification

Goals

  • As a Teamspace Admin, I want to ensure any additional security restrictions (SSO, MFA, etc.) are respected before the user is granted access to the data.
  • As a user, I want to access teamspace data via the frontend UI as before; any additional flow should be easy to follow.

Tasks

TBC
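
The teamspace re-authentication flow described in this issue, sketched as a frontend guard. This is an added example, not part of the original issue or the project's code. The login path, the `link` response field, the `{ status, body }` shape returned by the injected `getJson` helper, and the origin allowlist are all assumptions; only `authenticatedTeamspace` and `/authentication/authenticate/{teamspace}` come from the issue.

```javascript
// Added example, not the project's own code.
const LOGIN_PATH = '/login'; // assumption: path of the "GET login request"
const LINK_FIELD = 'link';   // assumption: field carrying the authentication link

// Route from the issue; the name is encoded so it stays a single path segment.
const authenticatePath = (teamspace) =>
  `/authentication/authenticate/${encodeURIComponent(teamspace)}`;

// Only follow links that are absolute https URLs on an expected origin.
function isTrustedAuthLink(link, allowedOrigins) {
  try {
    const url = new URL(link);
    return url.protocol === 'https:' && allowedOrigins.includes(url.origin);
  } catch {
    return false; // missing, relative or malformed link
  }
}

// Decides what the UI must do before requesting data from `teamspace`.
// `getJson(path)` is a hypothetical helper resolving to { status, body }.
async function ensureTeamspaceAuth(teamspace, { getJson, allowedOrigins, redirect }) {
  const session = await getJson(LOGIN_PATH);
  if (session.status !== 200) return { action: 'login' }; // no valid session

  // Session is already authenticated against the requested teamspace.
  if (session.body.authenticatedTeamspace === teamspace) return { action: 'proceed' };

  // Otherwise fetch the authentication link for this teamspace.
  const res = await getJson(authenticatePath(teamspace));
  if (res.status !== 200) return { action: 'denied', status: res.status };

  const link = res.body[LINK_FIELD];
  if (!isTrustedAuthLink(link, allowedOrigins)) return { action: 'rejected' };

  redirect(link); // in a browser: (url) => window.location.assign(url)
  return { action: 'redirect', link };
}
```

After the OAuth round trip returns, running the guard again yields `proceed` once `authenticatedTeamspace` has been updated.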
