Simple JWT Auth - All endpoints #96

Open
5 of 7 tasks
k-macmillan opened this issue Dec 11, 2024 · 0 comments
Labels
Dev Reviewed Reviewed by Tech Lead Notify Board trigger PM Reviewed Reviewed by Product Manager QA Reviewed Reviewed by Quality Assurance QA Issue requires QA collaboration

k-macmillan commented Dec 11, 2024

User Story - Business Need

Implement a simple JWT check. This is to allow our devs the ability to make requests to va-enp-api when it is deployed. For now, all endpoints will use the JWT auth. Future work will involve admin routes and refactoring authentication entirely.

  • Ticket is understood, and QA has been contacted (if the ticket has a QA label).

User Story(ies)

As a VA Notify dev
I want only authenticated responses being processed
So that we remain secure, even in testing

Additional Info and Resources

FastAPI basically has a built-in way to apply this to every route in a router with a parameter called `dependencies`.

Acceptance Criteria

  • The APIRouter in v2/v3 uses the `dependencies` parameter and `Depends` to specify the list/tuple of dependencies (only the auth method for now)
  • Use the ENP_TEMP_AUTH env var to authenticate the JWT
  • Expire check for more than 60 seconds after creation
  • main.py routes removed or have authentication added other than the hello world route
  • Only one parameter for auth, and it is loaded in as a task definition secret
  • This work is added to the sprint review slide deck (key win bullet point and demo slide)

QA Considerations

Unauthenticated requests fail in a graceful way.

Potential Dependencies

ENP_TEMP_AUTH SSM param needs to exist and the task definition needs to pull it in as a secret.

Out of Scope

An infra ticket will add the env var to SSM
https://fastapi.tiangolo.com/advanced/security/oauth2-scopes/

@k-macmillan k-macmillan added Dev Reviewed Reviewed by Tech Lead Notify Board trigger labels Dec 11, 2024
@cris-oddball cris-oddball added QA Reviewed Reviewed by Quality Assurance QA Issue requires QA collaboration labels Dec 12, 2024
@kbelikova-oddball kbelikova-oddball added the PM Reviewed Reviewed by Product Manager label Dec 12, 2024
@mchlwellman mchlwellman mentioned this issue Jan 2, 2025
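An added example, not code from va-enp-api: a standard-library sketch of the check a dependency passed through `Depends` in the router's `dependencies` list could call, verifying the token against `ENP_TEMP_AUTH` and applying the 60-second rule. Assumptions: HS256 signing, an `iat` claim as the creation time, rejection of tokens older than 60 seconds or dated in the future, and the hypothetical names `sign_token`, `verify_token` and `AuthError`.

```python
import base64, hashlib, hmac, json, os, time

MAX_AGE_SECONDS = 60  # ticket: reject tokens more than 60 seconds after creation


class AuthError(Exception):
    """Raised for any token that must be rejected (a route would map it to HTTP 401)."""


def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_token(secret, iat):
    """Build an HS256 token carrying only iat (client-side helper for the demo)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"iat": iat}).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token, now=None):
    """Return the claims if the token is valid, otherwise raise AuthError."""
    secret = os.environ.get("ENP_TEMP_AUTH")
    if not secret:
        raise AuthError("ENP_TEMP_AUTH is not set")  # fail closed, never accept unsigned
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON or UTF-8
        raise AuthError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise AuthError("unexpected alg")  # pinned algorithm, so alg=none is refused
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise AuthError("bad signature")
    iat = claims.get("iat") if isinstance(claims, dict) else None
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        raise AuthError("missing or invalid iat")
    age = (time.time() if now is None else now) - iat
    if age < 0 or age > MAX_AGE_SECONDS:  # future-dated or older than 60 seconds
        raise AuthError("token outside the 60 second window")
    return claims
```

Catching `AuthError` in the dependency and returning a 401 response covers the QA consideration that unauthenticated requests fail gracefully.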