The aim of the diagram is not to document each endpoint (this is the role of the swagger provided by the services).

Its goal is to give a global view of the exchanges between the Angular App (front) and the services, and among the services themselves, for each feature related to authentication and authorization.

```plantuml

' Colour palette: preprocessor constants reused by the skinparam blocks below.
!define BLACK   #333745
!define RED     #d5232a
!define GREEN   #37A77C

' Base Setting
skinparam BackgroundColor transparent

' Sequence styling: arrows are drawn in RED, lifeline borders in GREEN.
skinparam Sequence {
    ArrowThickness 1
    ArrowColor RED
    LifeLineBorderColor GREEN
    ParticipantBorderThickness 1
}
' Participant boxes: white fill, BLACK border and text.
skinparam Participant {
    BackgroundColor #FFFFFF
    BorderColor BLACK
    FontColor BLACK
}

' Notes use the same white / BLACK scheme as the participant boxes.
skinparam note {
    BackgroundColor #FFFFFF
    BorderColor BLACK
    FontColor BLACK
}

' Participants, in the left-to-right order in which they are drawn. The alias
' after "as" is the name used by every arrow below.
' "Front" is the Angular application.
participant "Front" as front
participant "Authentication Service" as auth
' The middleware is the only participant that calls the legacy server in this diagram.
participant "Middleware Legacy Auth" as middle
' Aliased "django": the group titles below refer to it as the Django server.
participant "Legacy Auth (Neogeo)" as django
participant "Email Service" as email
' Kong holds one consumer per user email plus its JWT credentials (see the /consumers calls).
participant "Kong" as kong
participant "OIDC Server" as oidc

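' OIDC flow. As drawn, only the Authentication Service talks to the OIDC server
' and to Kong; the front receives redirects and, at the end, the JWT.
group Authentication with OIDC providers
    group Login
        front -> auth : <b>GET</b> /login/:identityProvider
        ' The chosen provider is remembered server-side so that /token knows
        ' which provider to call.
        ' NOTE(review): the Redis key is not shown, nor is an OIDC state/nonce
        ' value - confirm the key is bound to the caller's session and that
        ' state is checked when the provider redirects back.
        note over auth: Set redis key/value with Provider as value
        front <-- auth : [302] redirection to the appropriate url
    end

    group Exchange token against JWT
        ' NOTE(review): the authorization code sent to /token_endpoint is not
        ' drawn; presumably the front forwards it on /token - confirm.
        front -> auth : <b>GET</b> /token
        note over auth: Get redis value corresponding to the OIDC Provider
        auth -> oidc : <b>POST</b> /token_endpoint
        auth <-- oidc : { id_token, access_token }
        auth -> oidc : <b>GET</b> /userInfo_endpoint
        auth <-- oidc : { userInfo }
        ' The Kong consumer is keyed by email, presumably the one returned in
        ' userInfo. NOTE(review): id_token validation (signature, issuer,
        ' audience) and the provider's email-verification status therefore
        ' decide which consumer a login maps to - confirm both are checked
        ' before this PUT.
        auth -> kong : <b>PUT</b> /consumers/:email
        auth <-- kong : Ok
        ' Existing JWT credentials are reused; new ones are created only on first login.
        auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no credentials exist for this user)
        auth <-- kong : { credentials }
        ' Presumably the JWT is built by the Authentication Service from these
        ' credentials - confirm; the signing step itself is not drawn.
        front <-- auth: { token: jwt }
    end

    group Logout
        ' NOTE(review): no call to Kong is drawn here, so as drawn the JWT
        ' issued above stays usable until it expires - confirm its lifetime.
        front -> auth : <b>GET</b> /logout
        front <-- auth : [302] redirection to the appropriate url
    end
end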

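' Legacy (Django) account flows. The middleware is the only caller of the
' Django server; Redis (middleware side) holds the one-time tokens used for
' password reset and account validation.
' NOTE(review): several flows go front -> middle directly. How the caller is
' authenticated on those routes (JWT checked by Kong, by the middleware, ...)
' is not drawn - confirm per route.
group Authentication with Django Server
    group Get Public Key
        ' Presumably used by the front to encrypt the password before it is
        ' sent - confirm. The key is only as trustworthy as the channel it is
        ' fetched over.
        front -> middle : <b>GET</b> /publicKey
        front <-- middle : { publicKey }
    end

    group Legacy login
        front -> auth : <b>POST</b> /login/legacy
        auth -> middle : <b>POST</b> /user/login
        middle -> django : <b>POST</b> /get_user/
        middle <-- django : { userInfo }
        ' NOTE(review): the encrypted password travels back to the
        ' Authentication Service as authzKey. Where it ends up afterwards is
        ' not drawn - confirm it is kept out of logs and is not readable from
        ' the JWT handed to the front.
        auth <-- middle : { userInfo with encrypted password as authzKey}
        auth -> kong : <b>PUT</b> /consumers/:email
        auth <-- kong : Ok
        ' Existing JWT credentials are reused; new ones are created only on first login.
        auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no credentials exist for this user)
        auth <-- kong : { credentials }
        front <-- auth : { token: jwt }
    end

    group Password forgotten
        ' The front gets "void" whatever happens. NOTE(review): confirm the
        ' response is also identical for unknown addresses, so the route does
        ' not reveal which accounts exist.
        front -> middle : <b>POST</b> /passwordForgotten
        note over middle: Set token in Redis with ttl 24h.
        middle -> email : <b>POST</b> /email/send (body contains the link to the reset password form)
        middle <-- email : void
        front <-- middle : void
    end

    group Verify Password reset token validity
        ' NOTE(review): this answers true/false for any submitted token -
        ' confirm the route is rate limited. How the token is carried on this
        ' GET is not drawn; a query string tends to end up in access logs.
        front -> middle : <b>GET</b> /isPasswordResetTokenValid
        note over middle: Look for token in Redis.
        front <-- middle : boolean
    end

    group Password reset
        front -> middle : <b>PUT</b> /user/resetPassword
        note over middle: Look for token in Redis.
        middle -> django : <b>POST</b> /update_user_password/
        middle <-- django
        ' Deleting the token after the update makes it single-use.
        note over middle: Delete token from Redis.
        ' The reply comes from the middleware, which received the request.
        front <-- middle : void
    end

    group Password update
        front -> middle : <b>PUT</b> /user/updatePassword
        ' Presumably this first call checks the current password - confirm.
        ' NOTE(review): /get_user/ is a POST in every other group, and
        ' /update_user_password/ is a POST in "Password reset" - confirm the
        ' verbs drawn here.
        middle -> django : <b>GET</b> /get_user/
        middle <-- django : Ok
        middle -> django : <b>PUT</b> /update_user_password/
        middle <-- django : Ok
        front <-- middle : void
    end

    group User update
        front -> auth : <b>PUT</b> /user/update
        auth -> middle : <b>PUT</b> /user/update
        middle -> django : <b>POST</b> /update_user/
        middle <-- django : Ok
        ' The user is read back after the update, then the Kong consumer and
        ' JWT are refreshed exactly as in "Legacy login".
        middle -> django : <b>POST</b> /get_user/
        middle <-- django : { userInfo }
        auth <-- middle : { userInfo with encrypted password as authzKey}
        auth -> kong : <b>PUT</b> /consumers/:email
        auth <-- kong : Ok
        auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no credentials exist for this user)
        auth <-- kong : { credentials }
        front <-- auth : { token: jwt }
    end

    group User Info
        front -> auth : <b>GET</b> /user
        auth -> middle : <b>GET</b> /user
        middle -> django : <b>POST</b> /get_user/
        middle <-- django : { userInfo }
        ' Unlike the login and update flows, no authzKey is mentioned on this reply.
        auth <-- middle : { userInfo }
        front <-- auth : { userInfo }
    end

    group User creation
        ' Nothing is written to Django at this stage: the account is only
        ' created once the emailed link is followed (see "Validate User creation").
        front -> middle : <b>POST</b> /user
        note over middle : Set token in redis with ttl 24h
        middle -> email : <b>POST</b> /email/send (body contains account validation link)
        middle <-- email : void
        front <-- middle : void
    end

    group Validate User creation
        front -> middle : <b>POST</b> /user/validateAccount
        note over middle : Validate token existence in redis
        middle -> django : <b>POST</b> /add_user/
        middle <-- django : Ok
        ' Removing the token after /add_user/ makes the validation link single-use.
        note over middle : Remove token from redis
        front <-- middle : void
    end

    group User account deletion
        ' NOTE(review): destructive call made straight to the middleware.
        ' Confirm the account to delete is derived from the verified JWT and
        ' not from a caller-supplied identifier.
        front -> middle : <b>DELETE</b> /user
        middle -> django : <b>POST</b> /delete_user/
        middle <-- django : Ok
        front <-- middle : void
    end
end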

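' Access-rights flows. Every call goes front -> middle -> django.
' Naming used by the labels below: Django's /get_services/ returns the
' datasets, and /get_modes/ returns what the front calls "services".
' NOTE(review): how the caller is identified on these routes is not drawn -
' confirm the user whose rights are listed or changed comes from the verified
' JWT rather than from the request body.
group Authorization with Django server
    group List User resources
        front -> middle : <b>POST</b> /user/resources
        middle -> django : <b>POST</b> /get_user_service/
        middle <-- django : { rawRessources }
        front <-- middle : { Ressources }
    end

    group Add User access to resource
        front -> middle : <b>POST</b> /user/resources/add
        middle -> django : <b>GET</b> /get_services/ (only needed to add names in email)
        middle <-- django : { datasets }
        middle -> django : <b>GET</b> /get_modes/ (only needed to add names in email)
        middle <-- django : { services }
        ' One Django call per requested dataset; the reply to the front lists
        ' which of them succeeded and which failed.
        loop n times (n different datasets requested)
            middle -> django : <b>POST</b> /add_user_service/
            middle <-- django : Ok
        end
        middle -> email : <b>POST</b> /email/send (Admin + User email)
        middle <-- email : void
        front <-- middle: { successfullyRequested, unsuccessfullyRequested }
    end

    group Renew User access to resource
        ' As drawn, a renewal writes nothing to Django: current access is
        ' read, then the request is passed on by email only.
        front -> middle : <b>POST</b> /user/resources/renew
        middle -> django : <b>POST</b> /get_user_service/ (check if access has already been validated)
        middle <-- django : { user Ressources }
        middle -> django : <b>GET</b> /get_services/ (only needed to add names in email)
        middle <-- django : { datasets }
        middle -> django : <b>GET</b> /get_modes/ (only needed to add names in email)
        middle <-- django : { services }
        middle -> email : <b>POST</b> /email/send (Admin + User email)
        middle <-- email : void
        front <-- middle: { successfullyRenewalRequested, unsuccessfullyRenewalRequested }
    end

    group Delete User access to resource
        front -> middle : <b>POST</b> /user/resources/delete
        middle -> django : <b>GET</b> /get_services/ (only needed to add names in email)
        middle <-- django : { datasets }
        middle -> django : <b>GET</b> /get_modes/ (only needed to add names in email)
        middle <-- django : { services }
        ' One Django call per dataset to remove; partial success is reported back.
        loop n times (n different datasets to be deleted)
            middle -> django : <b>POST</b> /del_user_service/
            middle <-- django : Ok
        end
        middle -> email : <b>POST</b> /email/send (Admin + User email)
        middle <-- email : void
        front <-- middle: { successfullyDeleted, unsuccessfullyDeleted }
    end

    group List of services (modes)
        front -> middle : <b>GET</b> /services
        middle -> django : <b>GET</b> /get_modes/
        middle <-- django : { rawServices }
        front <-- middle : { services }
    end

    group List of restricted access datasets
        front -> middle : <b>GET</b> /restrictedAccessDatasets
        middle -> django : <b>GET</b> /get_services/
        middle <-- django : { datasets }
        ' The middleware filters Django's full list before answering.
        front <-- middle : { datasets with "RESTRICTED" access}
    end
end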
```