-
Notifications
You must be signed in to change notification settings - Fork 1
Authentication Handling
This page will discuss authentication handling for the queue specifically, however the same system is used for both allocation and the MoSS portal.
Authentication within the system is done using UQ Authenticate (previously UQ Single Sign-On). Any time Vue needs to load or modify data, a request is sent to an Apollo GraphQL server (explained in further detail in the section on architecture. Further detail can be found in the authentication middleware files. Two types of middleware are used for authentication within the system, in addition to the primary Apollo GraphQL server.
Handles requests to http endpoints. Requiring authentication for a particular endpoint can be done simply by using app.use("/endpointName", auth.express)
.
Handles continuous connections to the various applications. If a user authenticates successfully, then their information is added to the socket, and kept there while the socket is open for a continuous connection. If authentication is unsuccessful, the user's connection is closed.
Handles inserting a user into the context of the GraphQL resolver. The GraphQL resolver is responsible for sending back responses to queries and mutations, and if a user is given to this resolver, then it will only query the parts of the database which that user is authenticated for, or is intended to have access to. This effectively filters out any unauthorised information.
When developing locally, this authentication is not required, and a dummy user can be used in place of an actual authenticated user. To enable this dummy user for development, the environment variable DEV
can be set to auth:*
.