Add Card API scopes
User story:
- As a card administrator / card representative, I want to be informed of what data the card frontend will be accessing on my behalf and prompted to allow the frontend access this data, so that I am aware of what data is being accessed on my behalf.
Technical implementation
Add Card API scopes as hardcoded scopes which can be consented to by the user as part of the login flow.
The Card API scopes are currently defined under https://gitlab.developers.cam.ac.uk/uis/devops/iam/card-database/card-api/-/issues/116. We can hardcode for now until #3 (comment 273612) is implemented. The added scopes should be the readonly scopes defined by the Card API:
https://api.apps.cam.ac.uk/card/card-logos.readonly
https://api.apps.cam.ac.uk/card/card-requests.readonly
https://api.apps.cam.ac.uk/card/cards.readonly
https://api.apps.cam.ac.uk/card/available-barcodes.readonly
Edited by Monty Dawson