Page History

...

The following examples show concrete use-cases where the session login and oAuth2 mechanisms are used within the Flarecast infrastructure.

InfraViewer
Image RemovedImage Added

Request	Description	Response
POST /login	The end-user performs a login with his username and password.	The InfraViewer verifies the user's authentication and, if successful, requests an access token from the oAuth2 server (using the 'password' grant type). The end-user is then redirected to his original page either with or without a valid session ID and access token cookie. Depending on those cookies the end-user gets access to restricted operations, depending on his session ID, or can request secured resources, using his access token.
GET /resource_1	The end-user requests a non-secured resource from the InfraViewer.	The InfraViewer response with the requested JSON object, without requiring any authentication.
POST /resource_1	The end-user requests a secured resource from the InfraViewer.	The InfraViewer response either with the requested JSON object, given a valid access token, or with an error page.

Swagger UI
Image RemovedImage Added

Request	Description	Response
GET /oauth/authorize	The end-user requests an access token for the Swagger UI which then can access secured resources.	If the end-user holds a valid session ID he is redirected to an authorization page from the oAuth2 server where he can grant Swagger UI to request an access token (using the 'authorization code' grant type). Otherwise, the user is redirected to a login form where he needs to authenticate himself before accessing the authorization page.
GET /resource_1	The end-user requests a non-secured resource from the Swagger UI.	The Swagger UI response with the requested JSON object, without requiring any authentication.
POST /resource_1	The end-user requests a secured resource from the Swagger UI.	The Swagger UI response either with the requested JSON object, given a valid access token, or with an error page.

Algorithms within a Docker container
Image RemovedImage Added

Request	Description	Response
GET /resource_1	The algorithm requests a non-secured resource from the Swagger UI.	The service response with the requested JSON object, without requiring any authentication.
POST /resource_1	The algorithm requests a secured resource from the Swagger UI.	The service response either with the requested JSON object, given a valid access token, or with an error page. The algorithm's access token is injected by the Workflow Management Service during startup. Hence, only algorithms running on the cluster obtain a valid access token to manipulate data within the infrastructure.

...

User Role	Resource Scope	Example
Reader	read	Access to protected routes for querying configurations of prediction algorithms.
Writer	write	Access to protected routes for adding prediction data to existing predictions.
Moderator	read, write	Full (read and write) access to the prediction service.
Administrator	read, write, execute	Full access to the workflow management service, including protected routes for running and stopping Docker containers.

unintendedly

Versions Compared