Workbench authentication process » History » Version 4
Peter Amstutz, 11/15/2014 03:20 AM
| 1 | 1 | Peter Amstutz | h1. Workbench authentication process |
|---|---|---|---|
| 2 | |||
| 3 | 4 | Peter Amstutz | # When the user goes to workbench, it checks for a session or @?api_token=xxx@ in the URL for the API token. If no API token is found, the user is directed to the workbench "welcome" page. |
| 4 | 1 | Peter Amstutz | # The "welcome" page has a "log in" button that directs the user to the API server login URL, with a @?return_to=xxx@ link embedded in the URL. |
| 5 | # The 'login' endpoint goes to @UserSessionsController#login@ in the API server. This redirects to @/auth/joshid?return_to=xxx@ |
||
| 6 | 2 | Peter Amstutz | # @/auth/joshid@ is intercepted by the OmniAuth Rack middleware and invokes the @josh_id@ OmniAuth strategy. |
| 7 | ** The @josh_id@ OmniAuth strategy is implemented in @arvados/services/api/lib/josh_id.rb@ and is a subclass of @OmniAuth::Strategies::OAuth2@ |
||
| 8 | 1 | Peter Amstutz | # OmniAuth starts the "request_phase" of @OmniAuth::Strategies::OAuth2@. This redirects to @#{options[:custom_provider_url]}/auth/josh_id/authorize@ using CUSTOM_PROVIDER_URL defined in @arvados/services/api/config/initializers/omniauth.rb@ |
| 9 | 4 | Peter Amstutz | # In the sso-provider, @/auth/josh_id@ is routed to @AuthController#authorize@, and is intercepted by @before_filter :authenticate_user!@ (part of the devise gem) |
| 10 | ** devise is configured at @sso-provider/config/initializers/devise.rb@ |
||
| 11 | ** @authenticate_user!@ is not explicitly defined but instead created by combining @authenticate@ with the @User@ model (I think?) |
||
| 12 | # |
||
| 13 | 1 | Peter Amstutz | |
| 14 | h2. Questions |
||
| 15 | |||
| 16 | * What is workbench's "secret_token" for? |