["FEAT"] Add support for JWT authentication to the APIS #249

Closed
felipemontoya opened this issue Jun 2, 2023 · 14 comments · Fixed by #258

@felipemontoya
Member

Is your feature request related to a problem? Please describe.
I was looking at the DEPR tickets of the community when I saw that Bearer Auth will be deprecated.
openedx/edx-drf-extensions#284
I think we need to update as well and make JWT an alternative soon so that we can deprecate them in the future.

Describe the solution you'd like
I want to be able to authenticate securely in the future. Also, I'd like us to offer an upgrade path for all the customers that use these APIs in different forms.

Describe alternatives you've considered
One alternative is to keep support of Bearer Tokens alive and supported by us, but that is an effort that we should study carefully.

Additional context
I don't know why, but I have seen several mentions of Bearer Auth lately, all in the context of getting rid of it. Is it insecure? Outdated? Why is the project so keen on removing it?

@felipemontoya felipemontoya added the enhancement New feature or request label Jun 2, 2023
@JuanDavidBuitrago
Member

Hi @felipemontoya

Thanks for your feature request. This issue will be passed for product review @santiagosuarezedunext

cc: @Alec4r @MaferMazu

@santiagosuarezedunext

@felipemontoya Would this migration to JWT be for all eox-core services? What about the other eoxs?

@felipemontoya
Member Author

You are right, other eox's with APIs should also support JWT.

@santiagosuarezedunext

@felipemontoya What happens if they deprecate Bearer Auth and we are not migrated to JWT yet?

@felipemontoya
Member Author

I am not entirely sure. I would think we could maintain Bearer Auth in a fork for a while, but that will add more things to the backlog of things we don't want to custom maintain. And it would make this plugin not work with master.

@santiagosuarezedunext

Understood. I am going to move this to prioritized and we are going to divide this migration by API so that they can enter progressively in the following sprints.

@felipemontoya
Member Author

@MaferMazu fyi

@Asespinel
Contributor

@MaferMazu do we have updates on this issue?

@MaferMazu
Contributor

We didn't touch this issue. I'll put this in the backlog for consideration in the next sprints.

@andrey-canon
Contributor

@MaferMazu any updates?

@felipemontoya
Member Author

@andrey-canon Are you depending on this feature for some of your own work? Do you think you or your team has the capacity to take on this work?

@andrey-canon
Contributor

andrey-canon commented Nov 23, 2023

@felipemontoya we don't depend on this; it's just confusing for the client: sometimes they have to use JWT and sometimes Bearer. However, if this is not urgent for other teams, as it looks like, @Ever3tt could tackle this issue. It may take some time, but I consider this a great opportunity for him to learn a little bit about authentication mechanisms.

@MaferMazu
Contributor

🙈 I already added the JWT support in the migration PR #254; for detailed changes about the JWT, see 4fe1d00.

I will extract that commit to create another PR to bring more clarity, but the changes are ready.

cc @felipemontoya @andrey-canon
