Challenge Overview
Project Overview
BrivoLabs has a beta version of a node.js/coffeescript application that is called Social Access Management (SAM) API. It uses postgres database, runs on heroku, consists of both a web and a worker process, and uses a redis-based message queue to communicate between them.
Competition Task Overview
You are provided with an updated Architecture documents, you will implement the new requirements outlined in Brivo_Labs_SAM_OAuth_Server_Update_Assembly_Specification.docx document in addition to the following changes :
- When in "dev_mode" the app should validate that the "apikey" header is present and non-null (simulating what is done by mashery).
- what is dev_mode?
- SAM API is using Mashery as API product managment tool, Mashery proxy requrie specific headers to be present, we added dev_mode to exclude setting headers when doing development, one of these headers is "apikey" and we need to use it in dev_mode
- what is dev_mode?
- In postman, Combine the two versions of "oauth server" folder. There should be only one style of authentication. Note that the /authorize service takes either client_id or apikey depending. This should consistently use "client_id" as a parameter and "apikey" in the header.
- Do not validate redirect_url in dev_mode (this concept does not exist in mashery)
Documentation Provided
Provided in challenge forums :
- Updated architecture documents : brivolabs-oauth-updated-finalfixes.zip
- Api Source Code : BrivoLabs-dragon_20140604_14.zip
Final Submission Guidelines
Submission Deliverables
Below is an overview of the deliverables:
- Patch file of the changed files.
- A complete and detailed deployment document explaining how to deploy the application including configuration information.
Final Submission
For each member, the final submission should be uploaded to the Online Review Tool.