Skip to content

A2 Architecture

Jump to bottom
Cristina Alonso edited this page Apr 18, 2018 · 6 revisions

The A2 module controls the Authentication and Authorization. As it is intended as a server-side proxy with support for multiple authentication schemes, A2 is implemented as a node.js app, leveraging the passport and http-proxy node.js modules. Both of them are well-maintained modules with extensive user bases and documentation.

A2’s main flows are illustrated in Figure 1:

  • Users can register, login, and access server-side assets via proxied requests.
  • Server-side assets can register themselves and describe (via roles) what API endpoints they wish to make available to which clients.
  • Clients can make requests to server-side assets through A2, which once authenticated and authorized, are proxied to the corresponding server-side asset for fulfillment.

This figure displays the main types of requests handled by A2. From top to bottom:

  • user registration
  • user login
  • server-side application registration
  • client request auth & forwarding

architecture-3-style-unified-and-updated pptx Figure 1.: an overview of the A2 architecture including the requests it handles such as user registration and log-in, and connection to applications.

Applications have to tell A2 what roles and resources need authorization. After an application (in our case the analytics back-end) is connected with the main project, all the requests directed to the application (e.g. from different clients) should pass through A2 first, which decides if the request is correctly authenticated and has the proper authorization before forwarding it to the application.

Table of Contents

Clone this wiki locally