Actions
Workbench authentication process » History » Revision 8
« Previous |
Revision 8/26
(diff)
| Next »
Peter Amstutz, 11/15/2014 02:39 PM
Workbench authentication process¶
- When the user goes to workbench, it checks for a session or
?api_token=xxx
in the URL for the API token. If no API token is found, the user is directed to the workbench "welcome" page. - The "welcome" page has a "log in" button that directs the user to the API server login URL, with a
?return_to=xxx
link embedded in the URL. - The 'login' endpoint goes to
UserSessionsController#login
in the API server. This redirects to/auth/joshid?return_to=xxx
/auth/joshid
is intercepted by the OmniAuth Rack middleware and invokes thejosh_id
OmniAuth strategy.- The
josh_id
OmniAuth strategy is implemented inarvados/services/api/lib/josh_id.rb
and is a subclass ofOmniAuth::Strategies::OAuth2
- The
- OmniAuth starts the "request_phase" of
OmniAuth::Strategies::OAuth2
. This redirects to#{options[:custom_provider_url]}/auth/josh_id/authorize
using CUSTOM_PROVIDER_URL defined inarvados/services/api/config/initializers/omniauth.rb
- In the sso-provider,
/auth/josh_id
is routed toAuthController#authorize
, and is intercepted bybefore_filter :authenticate_user!
(part of the devise gem)- devise is configured at
sso-provider/config/initializers/devise.rb
authenticate_user!
is not explicitly defined but instead monkey patched into the controller indevise/lib/devise/controllers/helper.rb
authenticate_user!
callswarden.authenticate!
with a scope of:user
where warden is yet another Rack authentication gemdevise :omniauthable, :omniauth_providers => [:google]
configuressso-provider/app/models/user.rb
- devise is configured at
AuthController#authorize
creates an AccessGrant
Questions¶
- What is workbench's "secret_token" for?
Updated by Peter Amstutz about 10 years ago · 26 revisions