diff options
author | Frederick Muriuki Muriithi | 2023-05-27 13:50:51 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-05-27 13:50:51 +0300 |
commit | 45a7a6bc59eb28cdd2ceeee0e84506cf292b6466 (patch) | |
tree | be2ae04bdd0dc095f873c788e434c1338ee1dda4 /docs | |
parent | d03ca8f2cb25dceb785044f31d6ad4a6914c6f16 (diff) | |
download | genenetwork3-45a7a6bc59eb28cdd2ceeee0e84506cf292b6466.tar.gz |
Document Use of OAuth2 Clients
* docs/authentication_and_authorisation/oauth2_clients.md: New documentation
* gn3/auth/authentication/oauth2/server.py: Raise appropriate error if no
client is found.
* gn3/auth/authentication/oauth2/views.py: Handle exception in the case where
a UI should be presented to the user, rather than presenting the raw JSON
response to the user.
* gn3/errors.py: Handle any authlib OAuth2Error at the application's top-level
* gn3/templates/oauth2/oauth2_error.html: Handle any authlib OAuth2Error at
the application's top-level
Diffstat (limited to 'docs')
-rw-r--r-- | docs/authentication_and_authorisation/oauth2_clients.md | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/docs/authentication_and_authorisation/oauth2_clients.md b/docs/authentication_and_authorisation/oauth2_clients.md new file mode 100644 index 0000000..f9af8f9 --- /dev/null +++ b/docs/authentication_and_authorisation/oauth2_clients.md @@ -0,0 +1,64 @@ +# OAuth2 + +The new authorisation system is made up of two layers: + +- Client authorisation +- User authentication/authorisation + +This document will concern itself mostly with "Client Authorisation". + +## Client Authorisation + +The authentication/authorisation system will (probably) find use in the entire +suite of applications that are under the Genenetwork umbrella. + +The relevant applications (as of 27 May 2023) are: + +- [Genenetwork 3](https://github.com/genenetwork/genenetwork3): Serves as both + the authorisation server and the API server. +- [Genenetwork 2](https://github.com/genenetwork/genenetwork2): Will eventually + be the main user-facing UI making requests to GN3 for data and computational + requests. +- [QC and Data Upload](https://gitlab.com/fredmanglis/gnqc_py): Provides a means + to upload new data into the Genenetwork database. It does perform some + quality-control on the data before upload. Currently, this application is not + available to the general public due to the potential to mess up the data. Once + the auth system has been running a while, and the major bugs quashed, this + will be integrated into the other system and allow users to upload their own + data. + +In this case, the GN2 and QC applications would be clients to GN3 (as the auth +server), and will have specific scopes of access. + +As such, we need to register the clients that can access the authorisation +server. + +If you try to access the authorisation server, or for that matter, the API +server with a client that is not registered, you will receive an error message +of the form: + +```json +{ + "error": "invalid_client", + "error_description": "No client found for the given CLIENT_ID and CLIENT_SECRET." +} +``` + +### Registering a new OAuth2 Client + +- **TODO**: Implement client registration then provide docs here. + +**NOTES**: + +- Collect appropriate client data and register (provide means) +- Get registered client's "CLIENT ID" and "CLIENT SECRET" values +- Configure values on client + +## User Authentication/Authorisation + +A user will make use of (an) authorised client(s) (see 'Client Authorisation' +section above) to access the authorisation and API servers. + +Once the user has authenticated (provided valid authentication credentials), +they will be able to access the resources in the system according to the roles +and privileges that they are authorised for. |