SPIKE: Dynamic Middleware for multiple Next Auth providers

[lina-roth]

What needs to be done

We need to evaluate a strategy for switching middleware based on what authorization type our client is using (Keycloak, Azure AD, .. etc)

Initial idea is to use an env_var set to what auth_type and based on that to select the correct middleware file (would either need complex if/else in 1 middleware file, or need multiple files and select and move the correct one on startup)

Why it needs to be done

Our current middleware implementation does not work with Keycloak (and most likely not Azure as well) and based on what authorization our client uses we will need to swap which middleware implementation we will be using.

Also we will need to consider differences in what routes are blocked by auth for integrated vs non integrated vs both.

Timebox

How much time should be dedicated to this spike?

To-do list

• Create strategy for switching middleware
• Create strategy for handling integrated vs non integrated vs both
• POC of implementation

Additional context

#3064 #3065

Dual Boot Mode

Several of our NBS states have asked for certain users to have access to the eCR Library. Our middleware solution will need to determine how to support this. The flow in these dual boot states would be:

• Users coming from NBS can only see the eCR they have a direct link to (they don't see the backlink to eCR Library, and can't go to any other pages)
• Users logging in directly from the Library have full access to see that and other eCRs