VILLASframework
Modular co-simulation framework
Authentication

External

Uses OAuth2 Proxy. For details, checkout the VILLAS HELM chart.

sequenceDiagram note over VILLASweb_frontend: check if JWT exists alt no JWT exists in browser VILLASweb_frontend->>+VILLASweb_backend: GET villas.k8s/api/authenticated? VILLASweb_backend-->>-VILLASweb_frontend: authenticated = false
mode=external
login_url=villas.k8s/oauth2/start note over VILLASweb_frontend: Frontend shows link to login URL
User clicks on login button VILLASweb_frontend->>OAuth2_proxy: GET villas.k8s/oauth2/start?rd=villas.k8s/login/complete note over OAuth2_proxy: does user session exist?
(based on Cookie) OAuth2_proxy-->>VILLASweb_frontend: Location: jupyter.k8s/hub/api/oauth2/authorize?redirect_url=villas.k8s/oauth2/callback VILLASweb_frontend->>JupyterHub: GET jupyter.k8s/hub/api/oauth2/authorize?redirect_url=villas.k8s/oauth2/callback note over JupyterHub: Asks user to log in
after successful login JupyterHub-->>VILLASweb_frontend: Location: villas.k8s/oauth2/callback?code=XXXXX VILLASweb_frontend->>OAuth2_proxy: GET villas.k8s/oauth2/callback?code=XXXXX OAuth2_proxy->>JupyterHub: POST jupyer.k8s/hub/api/oauth2/token?code=XXXXX note over JupyterHub: validates code=XXXXX JupyterHub-->>OAuth2_proxy: token=YYYYYY note over OAuth2_proxy: associate Cookie with valid session OAuth2_proxy->>JupyterHub: GET jupyter.k8s/hub/api/oauth2/validate
Authorization: Bearer YYYYYY JupyterHub-->>OAuth2_proxy: user=...,email=...,groups=... note over OAuth2_proxy: validates user OAuth2_proxy-->>VILLASweb_frontend: Location: villas.k8s/login/complete note over VILLASweb_frontend: frontend performs
automatic POST VILLASweb_frontend->>OAuth2_proxy: POST villas.k8s/api/authenticate OAuth2_proxy->>VILLASweb_backend: POST villas.k8s/api/authenticate
X-Forwarded-User: svg VILLASweb_backend-->>OAuth2_proxy: jwt=ZZZZZZZ OAuth2_proxy-->>VILLASweb_frontend: jwt=ZZZZZZZ note over VILLASweb_frontend: store JWT in Browser else JWT exist VILLASweb_frontend->>VILLASweb_backend: GET villas.k8s/api/users
Authorization: Bearer ZZZZZZZ VILLASweb_backend-->>VILLASweb_frontend: users=[...] end