Actions
Workbench authentication process » History » Revision 3
« Previous |
Revision 3/26
(diff)
| Next »
Peter Amstutz, 11/14/2014 10:12 PM
Workbench authentication process¶
- When the user goes to workbench, it checks for a session cookie or
?api_token=xxxon the URL to get the API token. If no API token is found, the user is directed to the workbench "welcome" page. - The "welcome" page has a "log in" button that directs the user to the API server login URL, with a
?return_to=xxxlink embedded in the URL. - The 'login' endpoint goes to
UserSessionsController#loginin the API server. This redirects to/auth/joshid?return_to=xxx /auth/joshidis intercepted by the OmniAuth Rack middleware and invokes thejosh_idOmniAuth strategy.- The
josh_idOmniAuth strategy is implemented inarvados/services/api/lib/josh_id.rband is a subclass ofOmniAuth::Strategies::OAuth2
- The
- OmniAuth starts the "request_phase" of
OmniAuth::Strategies::OAuth2. This redirects to#{options[:custom_provider_url]}/auth/josh_id/authorizeusing CUSTOM_PROVIDER_URL defined inarvados/services/api/config/initializers/omniauth.rb
Questions¶
- What is workbench's "secret_token" for?
Updated by Peter Amstutz about 10 years ago · 26 revisions