Workbench authentication process » History » Revision 1
Workbench authentication process¶
- When the user goes to workbench, it checks for a session cookie or
?api_token=xxxon the URL to get the API token. If no API token is found, the user is directed to the workbench "welcome" page.
- The "welcome" page has a "log in" button that directs the user to the API server login URL, with a
?return_to=xxxlink embedded in the URL.
- The 'login' endpoint goes to
UserSessionsController#loginin the API server. This redirects to
/auth/joshidis intercepted by the OmniAuth Rack middleware and invokes the
josh_idOmniAuth strategy is implemented in
arvados/services/api/lib/josh_id.rband is a subclass of
- What is workbench's "secret_token" for?