0.0
Low commit activity in last 3 years
No release in over a year
mais-access provides a simple yet secure HTTP(S) authentication barrier for applications developed within the MAIS system. After initial connection, sessions for authenticated clients are validated by JSON Web Tokens for reduced overhead and improved security.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

~> 5.2
>= 12.3.3
 Project Readme

MAIS Access

mais-access provides a simple yet secure HTTP/JWT authentication middleware for applications developed within the MAIS system. After initial connection, sessions for authenticated clients are validated by JSON Web Tokens for reduced overhead and improved security.

How it works

At the core of MAIS Access is a Railtie (lib/access.rb). Upon load, it mutates ApplicationController by adding, among other helper methods, a before_action that either checks for a valid JSON Web Token (JWT) or requires HTTP Basic Authentication.

If there is a valid JWT cookie attached to the request, that token is sent to MAIS Accounts for verification. If successful, the user's information is parsed from it and passed along to the app.

If there isn't a valid JWT (it's either missing or expired), the user is prompted for their credentials. Those credentials are encrypted and sent to MAIS Accounts, which compares them against known users. If successful, the user is authenticated like above and a JWT cookie is passed back and written to the user's browser for future requests. If it's not successful, the user is prompted again.

In flowchart form:

%%{init: { "flowchart": { "curve": "linear" } } }%%
flowchart TD
    A(CAN THE USER ACCESS?) --> B{Is there a JWT cookie?}
    B -- No --> C[[Ask for credentials]]
    B -- Yes ---> D{Is it valid?}
    C --> E{Are they valid?}

    subgraph MAIS Accounts
    AA[[GET /verify]]
    BB[[POST /authenticate]]
    end

    D -.-> AA
    E -.-> BB

    AA -- No -->C
    BB -- No -->C
    BB -- Yes --> F[[Set JWT cookie]] --> G
    AA -- Yes --> G((ALLOW))
    
    style G fill:#2D882D
Loading

License

Copyright (c) 2023 Elias Gabriel, sdbase

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.