Add registration variables for auth context (objects API registration v2)

[sergei-maertens]

Partly closes #4246

Changes

• Added registration variable for full auth context data
• Added registration variables for the nested properties inside (until we can handle complex schema's with better typing support)

Checklist

Check off the items that are completed or not relevant.

• Impact on features

  • Checked copying a form
  • Checked import/export of a form
  • Config checks in the configuration overview admin page
  • Problem detection in the admin email digest is handled

• Release management

  • I have labelled the PR as "needs-backport" accordingly

• I have updated the translations assets (you do NOT need to provide translations)

  • Ran ./bin/makemessages_js.sh
  • Ran ./bin/compilemessages_js.sh

• Commit hygiene

  • Commit messages refer to the relevant Github issue
  • Commit messages explain the "why" of change, not the how

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.57%. Comparing base (f96a10c) to head (e1e6a11).
Report is 592 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4449      +/-   ##
==========================================
+ Coverage   96.51%   96.57%   +0.06%     
==========================================
  Files         720      720              
  Lines       23899    24000     +101     
  Branches     2817     2843      +26     
==========================================
+ Hits        23065    23179     +114     
+ Misses        566      559       -7     
+ Partials      268      262       -6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sergei-maertens]

@stevenbal can you review the documentation changes, as they're in Dutch? 😬

[stevenbal]

Minor comments regarding the docs

[stevenbal]

will this be added later?

[sergei-maertens]

yes, though I need to check if I can share those gitbook links and people outside of our team probably need to review/tweak the content, so I don't think we should block this PR on that TODO.

[stevenbal]

Suggested change

	Merk op dat niet alle attributen aanwezig zijn, dit hangt af van het inlogmiddel (
	DigiD, eHerkenning) en of er wel/niet sprake is van een machtiging én de soort
	Merk op dat niet alle attributen aanwezig zijn, dit hangt af van het inlogmiddel (DigiD, eHerkenning) en of er wel/niet sprake is van een machtiging én de soort

[sergei-maertens]

I don't see the difference or mistake 😅

[stevenbal]

Suggested change

	Middel van inloggen: de waarde is ``"digid"`` of ``eherkenning``, of een lege string
	Middel van inloggen: de waarde is ``"digid"`` of ``"eherkenning"``, of een lege string

[sergei-maertens]

I removed the quotes on digid instead to make it consistent with other example values.

[stevenbal]

I'm not sure what this means, does this mean that the value literally is "opaque"? Is this like a convenience variable to not have to check if machtigen is used when determining the acting subjects auth info?

[sergei-maertens]

the identifier type value is indeed "opaque", as opposed to "bsn" or "kvkNummer" (or the future "RSIN").

Currently it's the only possible type, but in the future more types could be possible (this could for example be used for a registrator at the service desk too, at some point). It basically means that you have zero guarantees about the meaning of the identifier value except that it's a value tied to a particular staff member. It could look like a BSN, but if you use it to consult the BRP, it may sometimes work, it will most likely not. It is not expected to be decrypted.

[stevenbal]

Is there a preference when it comes to using these variables and does it make a difference (aside from number of characters), e.g. auth_context_loa vs auth_context.levelOfAssurance?

[sergei-maertens]

there is a slight difference in that the static variables will always yield a string, while missing other attributes could theoretically return None and template authors would have to check for that.

In practice, I think the DTL fallback to empty string will result in the same outcome (most of the time).

[stevenbal]

I don't see this variable mentioned in the Vaste variabelen section, should this be mentioned there? Or is this mentioned in a specific page for Objects API registration?

[sergei-maertens]

it's not a static variable, but a registration variable and visible in the UI when you select an objects API registration backend :) and there the title + type are displayed (it's "self-documenting" via the registry).

[stevenbal]

Just for my understanding, this is no longer needed because the auth_context variable is always available for the registration backend now?

[sergei-maertens]

yeah, precisely. I assumed wrongly that the auth_context should be provided only as objects registration variables, but it acts at the same level as the existing auth static variable, so we can expose it directly to all registration backends automatically :)