feat(bff): BFF with one endpoint per portal + OIDC validation (closes #8) #64
Reference in New Issue
Block a user
Delete Branch "feat/8-bff"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What & why
S-07: the BFF (Backend-for-Frontend) — the single backend the portals talk to (§8.3). For the
walking skeleton it exposes:
POST /self-service/registrations— requires a valid KeycloakdigidJWT; extracts thebsnclaim and forwards it to the Domain Service (#6), returning 202. Missing/invalid/expired token → 401.
GET /openbaar/register?q=…— anonymous public lookup (S-09) → reads the projection (#7) andreturns only public-safe fields (
id+status; the bsn never leaves the BFF).Closes #8
Closes #63
Definition of Done
refs #8).docker compose upreaches green health checks (bff health-checked; depends_on domain/projection/keycloak).docs/architecture/adr-0010-bff-oidc.md.docs/demo-script.md.Notes for reviewers
WebApplicationFactorytests reconfigure JWT bearer with alocal test signing key, so valid/invalid/expired/wrong-key tokens are exercised in-process. A
Reqnroll acceptance scenario drives the same over HTTP. Real Keycloak validation is the live-stack
verify-bffcheck (mints a realdigidtoken via direct grant againstkeycloak:8080).start-devderives the issuer from the request host, so the BFFauthority and the verify token request both use
keycloak:8080— no issuer mismatch (ADR-0010).services/bff/openapi.jsonis generated (typed 202/400/401 + 200 schemas; thevolatile
serversblock is cleared for determinism) and guarded by a drift test — S-08's client isgenerated from it.
OpenbaarProjection, break 90).Program.cs(wiring)and
DownstreamClients.cs(HTTP adapters) are excluded — covered by the endpoint tests + verify-bff,consistent with how the other services scope Stryker.
(later slices), per the issue and ADR-0010.
🤖 Generated with Claude Code