Collaborator

@minh-biocommons minh-biocommons commented Apr 23, 2025

Description

AAI-175: Create and test a decorator/FastAPI dependency that validates JWT tokens for AAI Backend
AAI-180: Integrate Auth0 Management API in aai-backend

Changes

  • Have a way to mark each API route as requiring JWT validation
  • Have unit tests that only pass when a protected route gets a valid JWT
  • Implement Auth0 Management API integration. This allows communication with Auth0 for role and metadata management.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have added unit / integration tests that prove my fix is effective or that my feature works
  • I have run all tests locally and they pass
  • I have updated the documentation (if applicable)

How to Test Manually (if necessary)

For manual testing, follow these steps:

  1. Create a .env and put in the vars referenced in the code, most of which can be found from Auth0 AAI Backend app
  2. Run the server
  3. Get an access token by logging into Auth0 or using the Auth0 debugger, then use Postman or a similar tool to call the endpoint localhost:8000/private with the access token as a Bearer token
  4. Inspect the response

Collaborator

@marius-mather marius-mather left a comment

This is looking great overall, just a few suggestions for code cleanups and things to fix up.

@marius-mather
Collaborator

@amandazhuyilan I think this is good for review. I've made a few changes because I wanted to make sure we were describing our data with models/objects rather than just passing around dictionaries, so we now create a User object after verifying the JWT, and when we want to check permissions in future we should write that code as methods for the User class.

amandazhuyilan previously approved these changes May 1, 2025
Contributor

@amandazhuyilan amandazhuyilan left a comment

Overall looks great - only nit picking on the imports

Collaborator

@marius-mather marius-mather left a comment

good to merge now

@marius-mather marius-mather merged commit b3e6ba1 into main May 1, 2025
1 check passed
@amandazhuyilan amandazhuyilan deleted the auth0-integration branch May 9, 2025 06:21

4 participants