Update token-introspection package #3306
Description
Context
There is a few things we can do to simplify the token-introspection package.
- Remove OpenAPI validation
OpenAPI validation for clients is useful when calling "untrusted/verified" services. However, token-introspection exports a client that is only used making internal calls between the RS and AS. This means validation is less useful, especially if the token introspection request requires the correct types (which we have). We can remove the validating the OpenAPI spec during each request by removing getTokenIntrospectionOpenAPI and its dependencies.
- Simplify the build step
In order to support OpenAPI validation, we end up needing to package the yaml files in the build step (so we can create the OpenAPI validator during runtime via getTokenIntrospectionOpenAPI). This complicates the build process not only in the local project, but also in our Dockerfiles:
Because we don't need to package up the files during the build step we can simplify the building of the project, we can remove the prepack and copy-files package.json commands.
- Update TS project references
Now, token-introspection can be linked directly to auth and backend folders via the references config in the of the respective tsconfig.json files of the two projects. This will allow typescript to build token-introspection when building auth or backend automatically, and allow us to to navigate between TS files easily. We also don't need the build:deps command in auth or backend.
- Update Dockerfiles
Now that token-introspection no longer needs to be build directly as a dependency, we can simplify the auth and backend dev Docker files by removing build:deps while the prod Dockerfiles don't need explicit COPY token-introspection commands since the package should be automatically built when runnning the build command for backend and auth.
Todos
- Remove OpenAPI validation
- Simplify the build step
- Update TS project references
- Update Dockerfiles