eLife Login Flow
Overview
The `continuum-auth` service provides authentication functionality for libero reviewer, acting as an interface to the continuum authentication system. It exposes an endpoint that converts the continuum auth token into a libero reviewer specific token (see the auth token definition).
Authentication flow
Logging in
The user is directed first to the continuum journal login (this is [defined in configuration](https://github.com/libero/reviewer-client/blob/069d47299cbef16edbefc435ba7a42441f0bc8fd/config.ts#L8)). The journal login mechanism is hidden, but it redirects the user to ORCID for authentication.
After authentication, the user is redirected with the token in the hash fragment of a URL (`/auth-redirect#<token>`). This redirects to the authentication URL with the token as part of the path so that it gets sent to the server (`/auth/<token>`). This request is then proxied to the `continuum-auth` service (as it is not accessible publicly). The token is re-signed using a different secret (`reviewer-secret`); see the auth-token package for more information. The user is then redirected to the client app, where the token is stored in the browser's local storage.
Authenticating requests
Subsequent API requests are then made by the Client App along with the token. Services that authenticate requests will need access to the `reviewer-secret` value.
1. The Client App makes an API request; the stored token is sent in the `Authorization` header.
2. The request is proxied to the submission service, which verifies the token using the reviewer secret value.
3. The response is proxied back to the Client App.
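As an added example (not code from the libero projects), the following Python sketch shows the two token steps described on this page with a self-contained HS256 JWT implementation: the exchange step (`/auth/<token>`) verifies the continuum token with the continuum secret and re-signs its claims with `reviewer-secret`, and the submission-service side extracts the bearer token from the `Authorization` header and verifies it with `reviewer-secret` only. The token format (HS256 JWT), the claim names, the issuer string and the secret values are assumptions; the page does not say what the auth-token package actually uses.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secrets for the example; the real values live in service configuration.
CONTINUUM_SECRET = b"continuum-secret-example"
REVIEWER_SECRET = b"reviewer-secret-example"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes) -> str:
    """Produce a compact HS256 JWT: header.payload.signature (assumed format)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Verify signature and expiry under one secret; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # refuse "none" and any other algorithm
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


def exchange_token(continuum_token: str, now: Optional[float] = None) -> str:
    """The re-signing step behind /auth/<token> in this example: accept the
    continuum token only if it verifies under the continuum secret, then issue
    a new token signed with reviewer-secret. Claim names are assumed."""
    now = time.time() if now is None else now
    claims = verify_token(continuum_token, CONTINUUM_SECRET, now)
    reviewer_claims = {
        "sub": claims["sub"],
        "iss": "libero-reviewer",  # assumed issuer name
        "iat": int(now),
        "exp": claims.get("exp", int(now) + 3600),  # never outlive the upstream token
    }
    return sign_token(reviewer_claims, REVIEWER_SECRET)


def authenticate_request(headers: dict, now: Optional[float] = None) -> dict:
    """Submission-service side: take the bearer token from the Authorization
    header and verify it with reviewer-secret. A continuum token presented
    here fails, because it was signed with a different secret."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing bearer token")
    return verify_token(token, REVIEWER_SECRET, now)


def bearer_accepted(headers: dict, now: Optional[float] = None) -> bool:
    """Convenience wrapper returning True when the request would be authenticated."""
    try:
        authenticate_request(headers, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a continuum token for a made-up ORCID subject.
    t0 = 1_700_000_000
    upstream = sign_token({"sub": "0000-0001-2345-6789", "exp": t0 + 3600}, CONTINUUM_SECRET)
    reviewer = exchange_token(upstream, now=t0)
    print("reviewer token accepted:", bearer_accepted({"Authorization": "Bearer " + reviewer}, now=t0))
    print("continuum token accepted:", bearer_accepted({"Authorization": "Bearer " + upstream}, now=t0))
```

The point worth checking in a deployment is the one the last two lines illustrate: services holding `reviewer-secret` must never also accept the upstream continuum token, and the reviewer token should not outlive the token it was exchanged from.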