Part of the LDE rollout — see #906.

The LDE endpoint currently authenticates callers with a static X-API-Key. Expand to a stronger, externally-appropriate auth model — Cognito-based — reusing the existing machinery rather than inventing new auth:

- AuthMiddleware + Cognito (self-serve tenant auth, Self-Serve MDR: Phase 1 — Cognito Self-Registration #882 / Self-Serve MDR: Phase 2 — Schema Isolation per Tenant #883 / Self-Serve MDR: Phase 3 — Landing Page, Invite Links & Group Management #884)
- X-API-Tenant-Schema / resolve_tenant_schema (Self-Serve MDR: Tenant isolation — cross-tenant query test + search_path deny policy #961) — note the LDE export flow currently does not forward a tenant schema by design (per PR Issue #906: Phase B - exports logic #958 discussion); revisit that decision here.

Suggested: start with a short design spike to settle the model before implementation, since the lightweight FE LDE app depends on Cognito auth being in place.

Related: #961 (tenant isolation — assigned), #989 (live cross-tenant isolation test), #990 (drop public search_path fallback), #937 (security umbrella). This is where the LDE track and the tenant-isolation follow-ups converge.

Blocks: lightweight FE LDE app.