eLife Login Flow
The `continuum-auth` service provides authentication functionality for libero reviewer by acting as an interface to the continuum authentication system. The service provides an endpoint that converts the continuum auth token into a libero reviewer specific token (see the auth token definition).
The user is first directed to the continuum journal login ([this is defined in configuration](https://github.com/libero/reviewer-client/blob/069d47299cbef16edbefc435ba7a42441f0bc8fd/config.ts#L8)). The journal login mechanism is hidden, but it redirects the user to ORCID for authentication.
After authentication, the user is redirected with the token in the hash of a URL (`/auth-redirect#<token>`). Because the browser does not send the hash fragment to the server, the client then redirects to the authentication URL with the token as part of the path so that it can get sent to the server (`/auth/<token>`).
This request is then proxied to the `continuum-auth` service (as it is not publicly accessible).
The token is re-signed using a different secret (`reviewer-secret`). See the auth-token package for more information.
The user is then redirected to the client app where the token is stored in the browser's local storage.
Subsequent API requests are then made by the Client App along with the token. Services that authenticate requests will need access to the `reviewer-secret` value.
Client App makes an API request. Stored token is sent in the `Authorization` header.
Request is proxied to submission service which verifies the token using the reviewer secret value.
Response is proxied back to the Client App
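The re-signing and verification steps described above, as an added example (not code from the libero project or its auth-token package). It assumes both tokens are HS256-signed JWTs; the claim names, the secrets and the functions `sign`, `verify`, `exchange` and `accepts` are hypothetical.

```javascript
// Added example: assumes HS256 JWTs; secrets and claim names are constructed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Sign a payload as header.payload.signature with a shared secret.
function sign(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = `${header}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${b64url(mac(body, secret))}`;
}

// Verify algorithm, signature and expiry; return the payload or throw.
function verify(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; do not let the token choose how it is verified.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = mac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('expired');
  return payload;
}

// continuum-auth step: accept only a valid continuum token, then re-sign
// it with reviewer-secret so downstream services never need the continuum secret.
function exchange(continuumToken, continuumSecret, reviewerSecret, now) {
  const { id } = verify(continuumToken, continuumSecret, now);
  return sign({ sub: id, iss: 'continuum-auth', exp: now + 3600 }, reviewerSecret);
}

// Decision a service holding only reviewer-secret (e.g. submission) would make.
function accepts(token, reviewerSecret, now) {
  try { verify(token, reviewerSecret, now); return true; } catch { return false; }
}
```

A continuum-signed token presented directly to a service that only holds `reviewer-secret` fails verification, which is why the exchange through `continuum-auth` has to happen before the token reaches local storage.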