Project

General

Profile

Actions

Workbench authentication process » History » Revision 1

Revision 1/26 | Next »
Peter Amstutz, 11/14/2014 09:29 PM


Workbench authentication process

  1. When the user goes to workbench, it checks for a session cookie or ?api_token=xxx on the URL to get the API token. If no API token is found, the user is directed to the workbench "welcome" page.
  2. The "welcome" page has a "log in" button that directs the user to the API server login URL, with a ?return_to=xxx link embedded in the URL.
  3. The 'login' endpoint goes to UserSessionsController#login in the API server. This redirects to /auth/joshid?return_to=xxx
  4. /auth/joshid is intercepted by the OmniAuth Rack middleware and invokes the joshid OmniAuth strategy.
  5. The josh_id OmniAuth strategy is implemented in arvados/services/api/lib/josh_id.rb and is a subclass of OmniAuth::Strategies::OAuth2 #

Questions

  • What is workbench's "secret_token" for?

Updated by Peter Amstutz over 9 years ago · 1 revisions