Enhance Authentication Model – Move GitHub Token and User Information from YAML File to Database #31

@ratheesh-kr

The Tech BD Hub application uses GitHub token-based authentication.
The system retrieves the GitHub ID and related user information from a sensitive YAML file stored in a protected folder, using a deployment user token to authenticate.

To improve security, scalability, and maintainability, we plan to refactor this model by moving user and authentication-related information into a database table instead of a static file.

Proposed Enhancements

Database-Backed Authentication

  • Create a dedicated database table to store user information (GitHub ID, tenant ID, associated subdomains, etc.).
  • Replace the YAML file lookup with a secure database query.
  • Maintain GitHub as the Identity Provider (IdP) for authentication, while fetching user context (tenant, access details) from the database.

Authentication Flow Update

  • Continue verifying user identity using GitHub OAuth tokens.
  • Fetch the user details and tenant mappings from the new database instead of the file.
  • Ensure compatibility with the existing deployment user token process.
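
One way the database lookup proposed in this issue could work, as an added example that is not the project's own code. The table names, column names and sample rows are assumptions, and SQLite stands in for whatever database the project uses.

```python
import sqlite3

# Hypothetical schema: one row per GitHub user, one row per allowed subdomain.
SCHEMA = """
CREATE TABLE auth_user (
    github_id TEXT PRIMARY KEY,
    tenant_id TEXT NOT NULL
);
CREATE TABLE auth_user_subdomain (
    github_id TEXT NOT NULL REFERENCES auth_user(github_id) ON DELETE CASCADE,
    subdomain TEXT NOT NULL,
    PRIMARY KEY (github_id, subdomain)
);
"""

def open_db():
    """Create an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO auth_user VALUES (?, ?)", ("octo-dev", "tenant-a"))
    conn.executemany(
        "INSERT INTO auth_user_subdomain VALUES (?, ?)",
        [("octo-dev", "hub"), ("octo-dev", "synthetic")],
    )
    conn.commit()
    return conn

def load_user_context(conn, github_id):
    """Return tenant and subdomains for a GitHub ID, or None if unknown.

    github_id must be the identity GitHub returned after the OAuth token
    was verified, never a value taken from the request itself.
    """
    # Bound parameters keep the ID out of the SQL text.
    row = conn.execute(
        "SELECT tenant_id FROM auth_user WHERE github_id = ?", (github_id,)
    ).fetchone()
    if row is None:
        return None  # fail closed: authenticated by GitHub, but not provisioned
    subdomains = [r[0] for r in conn.execute(
        "SELECT subdomain FROM auth_user_subdomain "
        "WHERE github_id = ? ORDER BY subdomain", (github_id,))]
    return {"github_id": github_id, "tenant_id": row[0], "subdomains": subdomains}

def is_authorized(conn, github_id, subdomain):
    """True only when the user exists and the subdomain is mapped to them."""
    ctx = load_user_context(conn, github_id)
    return ctx is not None and subdomain in ctx["subdomains"]
```
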
