Details

    • Type: Story
    • Status: Closed
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: CFA 2020R4
    • Component/s: None
    • Labels:
      None
    • Sprint:
      CFAMX 2020R4 Sprint 5
    • SCRUM Team:
      Brotherhood of Mutants
    • Story Points:
      3
    • Work Type Classification:
      Sustaining

      Description

      Story

      As an admin, I would like a method to authorize access to APIs.

      UAC

      Confirm

      1. User permissions can be configured to control access to all API methods.
      2. Users can be configured to perform some methods and not others.
      3. Authenticated users can be denied access to all methods for a unique API.

      Updated Notes

      Based on the most recent discussion with CFA about how this API will be used, we will need more than one set of Client Credentials for the various CFA apps that will use our API.
      We are going to create two new users ("ahaApiUser") and security groups ("CFA AHA Application") in Inform to represent the permissions of this app. Each method on the API can then have its own permission, and we can assign those permissions to the CFA app security groups.

      New Inform Users added:
      ahaApiUser
      cfaForecastUser

      New Security groups added:
      CFA AHA Application
      CFA Forecast Application

      New Okta application added for CFA Forecast Application:
      Client Id = 0oarcorhdgYwB5rny4x6
      Client Secret = -aLNYLbb68WtWf8_cjn9v4XTp5XNF9H3M1cxLWRu
      (the rest of the Client Credentials are the same as described in [CFAMX-11138|https://jira.hotschedules.com/browse/CFAMX-11138])

      New Permissions added:
      Inform Api - Get Waste Item - Can Access
      Inform Api - Get Waste Reasons - Can Access
      Inform Api - Post Waste Item - Can Access

      And a 403 error with the message "User does not have permission to access this method."
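
A deny-by-default sketch of the per-method permission check described in the notes above. It is an added example, not code from this ticket or from Inform. The route paths, the assignment of permissions to groups, and `noAccessUser` are assumptions; the user, group and permission names and the 403 message are the ticket's.

```python
DENIED_MESSAGE = "User does not have permission to access this method."

# Permission names as listed in the ticket.
GET_WASTE_ITEM = "Inform Api - Get Waste Item - Can Access"
GET_WASTE_REASONS = "Inform Api - Get Waste Reasons - Can Access"
POST_WASTE_ITEM = "Inform Api - Post Waste Item - Can Access"

# Hypothetical route table: (HTTP verb, path) -> permission the method requires.
METHOD_PERMISSIONS = {
    ("GET", "/waste/items"): GET_WASTE_ITEM,
    ("GET", "/waste/reasons"): GET_WASTE_REASONS,
    ("POST", "/waste/items"): POST_WASTE_ITEM,
}

# Constructed assignment of permissions to the ticket's security groups.
GROUP_PERMISSIONS = {
    "CFA AHA Application": {GET_WASTE_ITEM, GET_WASTE_REASONS, POST_WASTE_ITEM},
    "CFA Forecast Application": {GET_WASTE_ITEM, GET_WASTE_REASONS},
}

# Constructed membership. noAccessUser is a hypothetical user who can
# authenticate but belongs to no group that carries API permissions.
USER_GROUPS = {
    "ahaApiUser": {"CFA AHA Application"},
    "cfaForecastUser": {"CFA Forecast Application"},
    "noAccessUser": set(),
}

def effective_permissions(user):
    """Union of the permissions of every group the user belongs to."""
    perms = set()
    for group in USER_GROUPS.get(user, ()):
        perms |= GROUP_PERMISSIONS.get(group, set())
    return perms

def authorize(user, verb, path):
    """Return (status, message) for a user who has already authenticated."""
    required = METHOD_PERMISSIONS.get((verb.upper(), path))
    # Deny by default: unmapped methods and unknown users are refused too.
    if required is None or required not in effective_permissions(user):
        return 403, DENIED_MESSAGE
    return 200, "OK"

def access_matrix():
    """Status code per user and method, for reviewing the whole policy."""
    return {u: {f"{v} {p}": authorize(u, v, p)[0] for v, p in METHOD_PERMISSIONS}
            for u in USER_GROUPS}

if __name__ == "__main__":
    for user, row in access_matrix().items():
        print(user, row)
```
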

        Attachments

        1. 403 Error.JPG
          53 kB
          David Nayyar
        2. New Permissions.JPG
          20 kB
          David Nayyar

              People

              • Assignee:
                jason.powell Jason Powell
                Reporter:
                jason.powell Jason Powell
              • Watchers:
                1

                  Time Tracking

                  Estimated: 62h
                  Remaining: 0h
                  Logged: 53h 25m
