Add FAQ for questions I've responded to on gn-auth

topics/authentication/architecture.gmi

@@ -73,7 +73,7 @@ Since GeneNetwork is a shared system (i.e. many different users (can) use the sy
 The authorisation system therefore needs to be aware of users, and what privileges they have to act upon any particular system.
 
 * TODO: Maybe flesh out the statement below some more. It seems a tad technical, so maybe separate it from the high-level overview suitable for users?
-This is also where the authentication system comes in: The authentication part of the system, allows the user to identify themselves at login, and from there, they can simply use the token they receive to identif themselves.
+This is also where the authentication system comes in: The authentication part of the system, allows the user to identify themselves at login, and from there, they can simply use the token they receive to identify themselves.
 
 ## Roles
 

topics/authentication/authentication-authorisation-design.gmi

@@ -77,7 +77,7 @@ The sub-sections below list a number of possible privileges for each category.
 
 * view_resource
 * create_resource
-* view_resource
+* view_resource_data
 * add_resource_data
 * edit_resource_data
 * delete_resource_data

topics/authentication/cli_utility_scripts.gmi

@@ -7,7 +7,7 @@ another.
 To get a list of the available scripts/flask commands that can be run, do:
 
 ```sh
-FLASK_APP="main.py" flask --help
+FLASK_APP="gn_auth/wsgi.py" flask --help
 ```
 
 With that, you should get a list of commands, which as of 2023-05-26 are:
@@ -25,20 +25,20 @@ Commands:
   shell                Run a shell in the app context.
 ```
 
-*NB*: You can simply do `export FLASK_APP="main.py"` at the beginning of your
+*NB*: You can simply do `export FLASK_APP="gn_auth/wsgi.py"` at the beginning of your
 shell session and then just run the commands without prepending with the
-`FLASK_APP="main.py"` declaration.
+`FLASK_APP="gn_auth/wsgi.py"` declaration.
 
 ## Registering/Setting a User as System Administrator
 
 You can register an new user and set them as the system administrator with:
 ```sh
-FLASK_APP="main.py" flask register-admin
+FLASK_APP="gn_auth/wsgi.py" flask register-admin
 ```
 
 A typical session might go something like:
 ```sh
-$ FLASK_APP="main.py" flask register-admin
+$ FLASK_APP="gn_auth/wsgi.py" flask register-admin
 Enter the user's name: CLI SysAdmin
 Enter the administrator's email: [email protected]
 Enter password: 
@@ -57,7 +57,7 @@ changing "/home/frederick/genenetwork/gn3_files/db/auth.db" to the path to your
 If a user already exists in your system, and you want to make that user system admin, you could do it with:
 
 ```sh
-FLASK_APP="main.py" flask assign-system-admin 5b15ef01-a9d7-4ee4-9a38-fe9dd1d871b8
+FLASK_APP="gn_auth/wsgi.py" flask assign-system-admin 5b15ef01-a9d7-4ee4-9a38-fe9dd1d871b8
 ```
 
 You can retrieve the user ID from the (SQLite) database, with something like:
@@ -80,7 +80,7 @@ group in the new auth system.
 This can be run using flask with
 
 ```sh
-FLASK_APP="main.py" flask make-data-public
+FLASK_APP="gn_auth/wsgi.py" flask make-data-public
 ```
 
 which will use the application's configuration settings for the
@@ -104,13 +104,13 @@ python3 -m scripts.migrate_existing_data \
 ## List Available Routes
 
 ```sh
-FLASK_APP="main.py" flask routes
+FLASK_APP="gn_auth/wsgi.py" flask routes
 ```
 
 ## Drop Into a Python Shell
 
 ```sh
-FLASK_APP="main.py" flask shell
+FLASK_APP="gn_auth/wsgi.py" flask shell
 ```
 
 ## Development Scripts
@@ -121,7 +121,7 @@ run in a production environment.
 ### Setting up a Sample User for Development
 
 ```sh
-FLASK_APP="main.py" flask init-dev-users
+FLASK_APP="gn_auth/wsgi.py" flask init-dev-users
 ```
 
 That will initialise your development database with a development user with the
@@ -134,5 +134,5 @@ following details:
 ### Setting up Sample OAuth2 Client for Development
 
 ```sh
-FLASK_APP="main.py" flask init-dev-clients
+FLASK_APP="gn_auth/wsgi.py" flask init-dev-clients
 ```

topics/authentication/development-guide.gmi

@@ -0,0 +1,60 @@
+# GN-AUTH FAQ
+
+## Tags
+
+* type: docs, documentation
+* status: ongoing, open
+* keywords: authentication, authorisation, docs, documentation
+* author: @jnduli
+
+## Quick configuration for local development
+
+Save a `local_settings.conf` file that has the contents:
+
+```
+SQL_URI = "mysql://user:password@localhost/db_name" # mysql uri
+AUTH_DB = "/absolute/path/to/auth.db/" # path to sqlite db file
+GN_AUTH_SECRETS = "/absolute/path/to/secrets/secrets.conf"
+```
+
+The `GN_AUTH_SECRETS` path has two functions:
+
+* It contains the `SECRET_KEY` we use in our application
+* The folder containing this file is used to store our jwks.
+
+An example is:
+
+```
+SECRET_KEY = "qQIrgiK29kXZU6v8D09y4uw_sk8I4cqgNZniYUrRoUk"
+```
+
+## Quick set up cli commands
+
+```
+export FLASK_DEBUG=1 AUTHLIB_INSECURE_TRANSPORT=1 OAUTHLIB_INSECURE_TRANSPORT=1 FLASK_APP=gn_auth/wsgi 
+export GN_AUTH_CONF=/absolute/path/to/local_settings.conf 
+flask init-dev-clients --client-uri "http://localhost:port"
+flask init-dev-users
+flask assign-system-admin 0ad1917c-57da-46dc-b79e-c81c91e5b928
+```
+
+## Handling verification for users in local development
+
+* Run flask init_dev_users, which will create a verified local user.
+* Run `UPDATE users set verified=1` on the sqlite3 auth database.
+
+## Errors related to unsupported clients/redirect URIs for client
+
+Rerun
+
+```
+FLASK_DEBUG=1 AUTHLIB_INSECURE_TRANSPORT=1 OAUTHLIB_INSECURE_TRANSPORT=1 \
+  GN_AUTH_CONF=/absolute/path/to/local_settings.conf FLASK_APP=gn_auth/wsgi \
+  flask init-dev-clients --client-uri "http://localhost:port_you_use_for_gn2"
+```
+
+This will update your clients list to have all the related urls we want.
+
+## 500 Server Error: INTERNAL SERVER ERROR
+
+When you see the error: `500 Server Error: INTERNAL SERVER ERROR for url: http://localhost:8081/auth/token`, restart the gn2 server.