Stores the jwt token in a http cookie

api/design/rating.go

@@ -15,7 +15,6 @@
 package design
 
 import (
-	"github.com/tektoncd/hub/api/design/types"
 	. "goa.design/goa/v3/dsl"
 )
 
@@ -29,13 +28,10 @@ var _ = Service("rating", func() {
 
 	Method("Get", func() {
 		Description("Find user's rating for a resource")
-		Security(types.JWTAuth, func() {
-			Scope("rating:read")
-		})
 		Payload(func() {
 			Attribute("id", UInt, "ID of a resource")
-			Token("token", String, "JWT")
-			Required("id", "token")
+			Attribute("session", String, "Session ID")
+			Required("id", "session")
 		})
 		Result(func() {
 			Attribute("rating", Int, "User rating for resource", func() {
@@ -46,7 +42,7 @@ var _ = Service("rating", func() {
 
 		HTTP(func() {
 			GET("/resource/{id}/rating")
-			Header("token:Authorization")
+			Cookie("session:accessToken")
 
 			Response(StatusOK)
 			Response("not-found", StatusNotFound)
@@ -58,22 +54,19 @@ var _ = Service("rating", func() {
 
 	Method("Update", func() {
 		Description("Update user's rating for a resource")
-		Security(types.JWTAuth, func() {
-			Scope("rating:write")
-		})
 		Payload(func() {
 			Attribute("id", UInt, "ID of a resource")
 			Attribute("rating", UInt, "User rating for resource", func() {
 				Minimum(0)
 				Maximum(5)
 			})
-			Token("token", String, "JWT")
-			Required("id", "token", "rating")
+			Attribute("session", String, "Session ID")
+			Required("id", "rating", "session")
 		})
 
 		HTTP(func() {
 			PUT("/resource/{id}/rating")
-			Header("token:Authorization")
+			Cookie("session:accessToken")
 
 			Response(StatusOK)
 			Response("not-found", StatusNotFound)

api/gen/http/openapi.yaml

@@ -347,23 +347,14 @@ paths:
       tags:
       - rating
       summary: Get rating
-      description: |-
-        Find user's rating for a resource
-
-        **Required security scopes for jwt**:
-          * `rating:read`
+      description: Find user's rating for a resource
       operationId: rating#Get
       parameters:
       - name: id
         in: path
         description: ID of a resource
         required: true
         type: integer
-      - name: Authorization
-        in: header
-        description: JWT
-        required: true
-        type: string
       responses:
         "200":
           description: OK response.
@@ -389,29 +380,18 @@ paths:
             $ref: '#/definitions/RatingGetInternalErrorResponseBody'
       schemes:
       - https
-      security:
-      - jwt_header_Authorization: []
     put:
       tags:
       - rating
       summary: Update rating
-      description: |-
-        Update user's rating for a resource
-
-        **Required security scopes for jwt**:
-          * `rating:write`
+      description: Update user's rating for a resource
       operationId: rating#Update
       parameters:
       - name: id
         in: path
         description: ID of a resource
         required: true
         type: integer
-      - name: Authorization
-        in: header
-        description: JWT
-        required: true
-        type: string
       - name: UpdateRequestBody
         in: body
         required: true
@@ -440,8 +420,6 @@ paths:
             $ref: '#/definitions/RatingUpdateInternalErrorResponseBody'
       schemes:
       - https
-      security:
-      - jwt_header_Authorization: []
   /resource/{id}/versions:
     get:
       tags: