WS-2449: Use cookie auth for UAS instead of Authorization header

src/app/lib/uasApi/getAuthHeaders.ts

@@ -0,0 +1,17 @@
+import { getEnvConfig } from '../utilities/getEnvConfig';
+
+const getAuthHeaders = (): HeadersInit => {
+  const apiKey = getEnvConfig().SIMORGH_UAS_PUBLIC_API_KEY;
+
+  if (!apiKey) {
+    throw new Error('Missing UAS public API key');
+  }
+
+  const headers: HeadersInit = {
+    'X-API-Key': apiKey,
+  };
+
+  return headers;
+};
+
+export default getAuthHeaders;

src/app/lib/uasApi/index.test.ts

@@ -36,8 +36,6 @@ describe('uasApiRequest', () => {
       expect.objectContaining({
         method: 'GET',
         headers: expect.objectContaining({
-          Authorization: 'Bearer mocked-token',
-          'X-Authentication-Provider': 'idv5',
           'X-API-Key': 'mocked-api-key',
         }),
       }),
@@ -63,8 +61,6 @@ describe('uasApiRequest', () => {
       expect.objectContaining({
         method: 'POST',
         headers: expect.objectContaining({
-          Authorization: 'Bearer mocked-token',
-          'X-Authentication-Provider': 'idv5',
           'X-API-Key': 'mocked-api-key',
           'Content-Type': 'application/json',
         }),
@@ -91,8 +87,6 @@ describe('uasApiRequest', () => {
       expect.objectContaining({
         method: 'DELETE',
         headers: expect.objectContaining({
-          Authorization: 'Bearer mocked-token',
-          'X-Authentication-Provider': 'idv5',
           'X-API-Key': 'mocked-api-key',
         }),
       }),
@@ -121,23 +115,6 @@ describe('uasApiRequest', () => {
     );
   });
 
-  it('should throw an error when ckns_atkn cookie is missing', async () => {
-    // Mock the scenario where the ckns_atkn cookie is not in storage
-    (mockCookie.get as jest.Mock).mockReturnValue(undefined);
-    mockGetEnvConfig.mockReturnValue({
-      SIMORGH_UAS_PUBLIC_API_KEY: 'mocked-api-key',
-    } as ReturnType<typeof getEnvConfig>);
-
-    const activityType = 'favourites';
-
-    await expect(uasApiRequest('GET', activityType)).rejects.toThrow(
-      'Missing authentication for UAS request',
-    );
-
-    // Verify that fetch was never called since authentication failed
-    expect(global.fetch).not.toHaveBeenCalled();
-  });
-
   it('should throw an error when API key is missing', async () => {
     // Mock the scenario where the API key is not configured
     (mockCookie.get as jest.Mock).mockReturnValue('mocked-token');
@@ -148,7 +125,7 @@ describe('uasApiRequest', () => {
     const activityType = 'favourites';
 
     await expect(uasApiRequest('GET', activityType)).rejects.toThrow(
-      'Missing authentication for UAS request',
+      'Missing UAS public API key',
     );
 
     // Verify that fetch was never called since authentication failed

src/app/lib/uasApi/index.ts

@@ -1,5 +1,5 @@
 import isLive from '#app/lib/utilities/isLive';
-import getAuthHeaders from './getAuthHeader';
+import getAuthHeaders from './getAuthHeaders';
 import { activityTypes } from './uasUtility';
 
 export type UasMethod = 'POST' | 'DELETE' | 'GET';