Developer Docs for Auth MS #811
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
docs/developer/oauth/DESIGN.md
Outdated
| backend services and user workspaces. This document | ||
| details the system design of the | ||
| DTaaS Auth Microservice which | ||
| is responsible for the same. |
docs/developer/oauth/DESIGN.md
Outdated
| requests of the general form ”Is User X allowed to access /BackendMS/example?”. | ||
|
|
||
| If the user’s identity is correctly verified though the GitLab OAuth2 | ||
| provider AND this user is allowed to access the requested microservice/action, then the Auth MS should respond with a 200 (OK) code and let the |
docs/developer/oauth/DESIGN.md
Outdated
| ## Forward Auth Middleware in Traefik | ||
|
|
||
| Traefik | ||
| allows middlewares to be set for the routes configured into it. These middlewares intercept the route path requests, and perform analysis/modifications |
docs/developer/oauth/DESIGN.md
Outdated
| Traefik | ||
| allows middlewares to be set for the routes configured into it. These middlewares intercept the route path requests, and perform analysis/modifications | ||
| before sending the requests ahead to the services. Traefik has a ForwardAuth | ||
| middleware that delegates authentication to an external service. If the external authentication server responds to the middleware with a 2XX response |
docs/developer/oauth/DESIGN.md
Outdated
|
|
||
|  | ||
|
|
||
| - Any request made by the user is made on the React website, i.e. the |
There was a problem hiding this comment.
Lists should be surrounded by blank lines
docs/admin/cli.md
Outdated
|
|
||
| - Go to the _docker_ directory | ||
| - Currently the _email_ fields for each user in |
There was a problem hiding this comment.
Inconsistent indentation for list items at the same level
docs/admin/cli.md
Outdated
| ```bash | ||
| cd <DTaaS>/deploy/docker | ||
| ``` | ||
| - Go to the _docker_ directory |
There was a problem hiding this comment.
Inconsistent indentation for list items at the same level
docs/admin/cli.md
Outdated
| rule.onlyu3.rule=PathPrefix(`/user3`) | ||
| rule.onlyu3.whitelist = [email protected] | ||
| ``` | ||
| - Add three lines to the `conf.server` file |
There was a problem hiding this comment.
Inconsistent indentation for list items at the same level
docs/admin/cli.md
Outdated
|
|
||
| - Go to the _docker_ directory | ||
| - Currently the _email_ fields for each user in |
There was a problem hiding this comment.
Consider starting bulleted lists at the beginning of the line
docs/admin/cli.md
Outdated
| rule.onlyu3.rule=PathPrefix(`/user3`) | ||
| rule.onlyu3.whitelist = [email protected] | ||
| ``` | ||
| - Add three lines to the `conf.server` file |
There was a problem hiding this comment.
Consider starting bulleted lists at the beginning of the line
docs/admin/cli.md
Outdated
| for each user in the | ||
| deploy/docker/conf.server files and the _traefik-forward-auth_ | ||
| container must be restarted. This is done as follows: | ||
| 2. This brings up the containers, without the AuthMS authentication. |
docs/admin/servers/auth.md
Outdated
|
|
||
| DTaaS provides an easy way to add | ||
| and remove additional users from your | ||
| DTaaS instance. |
docs/admin/servers/auth.md
Outdated
| DTaaS instance. | ||
|
|
||
| All such user management can be | ||
| done via the [DTaaS CLI](../cli.md) |
docs/developer/oauth/DESIGN.md
Outdated
| - Any request made by the user is made on the React website, i.e. the | ||
| frontend of the DTaaS software. | ||
|
|
||
| - This request then goes through the Traefik gateway. Here it should be |
There was a problem hiding this comment.
Lists should be surrounded by blank lines
| - This request then goes through the Traefik gateway. Here it should be | ||
| interrupted by the respective ForwardAuth middleware. | ||
|
|
||
| - The middleware asks the Auth MS if this request for the given user |
There was a problem hiding this comment.
Lists should be surrounded by blank lines
docs/admin/cli.md
Outdated
|
|
||
| ```bash | ||
| cd <DTaaS>/deploy/docker | ||
| ``` |
There was a problem hiding this comment.
Fenced code blocks should be surrounded by blank lines
docs/admin/cli.md
Outdated
| - Add three lines to the `conf.server` file | ||
| ```txt |
There was a problem hiding this comment.
Fenced code blocks should be surrounded by blank lines
docs/admin/cli.md
Outdated
| docker compose -f compose.server.yml --env-file .env up -d --force-recreate traefik-forward-auth | ||
| ``` | ||
| - Run the appropritate command for a server installation: | ||
| ```bash |
There was a problem hiding this comment.
Fenced code blocks should be surrounded by blank lines
docs/developer/oauth/AUTHMS.md
Outdated
| traefik-forward-auth itself. This is so that after approval, when the user is | ||
| taken to REDIRECT URI, this can be handled by the gateway and passed | ||
| to the Auth service for token exchange. | ||
| We add the ForwardAuth middleware here, |
docs/developer/oauth/AUTHMS.md
Outdated
| ``` | ||
|
|
||
| - The traefik-forward-auth service should be added to the backend services | ||
| as a middleware. |
| ### User Identity using OAuth2.0 | ||
|
|
||
| We define some constants that will help with the following discussion: | ||
| - CLIENT ID: The OAuth2 Client ID of the Auth MS |
There was a problem hiding this comment.
Lists should be surrounded by blank lines
Closed
|
Code Climate has analyzed commit 543d612 and detected 0 issues on this pull request. View more on Code Climate. |
Merged
prasadtalasila
added a commit
that referenced
this pull request
Jun 16, 2024
|
merged via PR #811 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.