Question about referencedata and auth process

13 views
Skip to first unread message

Craig Appl

unread,
Jan 8, 2018, 12:06:02 PM1/8/18
to OpenLMIS Dev
Hi,

I'm exploring the auth process in the openlmis-auth microservice. I see the RightReferenceDataService and UserReferenceDataService classes as part of the auth service. What do these classes do and how do they relate to the RightService and UserService in the openlmis-referencedata microservice?

Thanks,
Craig

Mateusz Kwiatkowski

unread,
Jan 8, 2018, 12:26:19 PM1/8/18
to Craig Appl, OpenLMIS Dev
Hi Craig,

those two classes (RightReferenceDataService and UserReferenceDataService) are used to communicate with Reference Data service and get User and Right resources. Both Auth and Reference Data services have User resources (connected by referencedataUserId property in Auth User) so when someone wants to create/update User in Auth service it calls Reference Data service to check if user that makes request have correct permission (all user roles/rights are located in Reference Data), also it is good to know that in order to create new user you have to create one in Reference Data and than corresponding one in Auth (to allow logging in).

Regards,
Mateusz


SolDevelo Sp. z o.o. [LLC] / www.soldevelo.com
Al. Zwycięstwa 96/98, 81-451, Gdynia, Poland
Phone: +48 58 782 45 40 / Fax: +48 58 782 45 41

Łukasz Lewczyński

unread,
Jan 9, 2018, 3:14:19 AM1/9/18
to OpenLMIS Dev
Hi,

I am not sure why we have two user entities in two microservices. I started to think maybe we could move all auth related entities from the reference data service to the auth service. In the end the auth service is responsible of auth process so all related classes like user, right, role, service account (aka API Key) should be in only one place. I would really like to know why our auth process is divided into two microservices.

Regards,
Lukasz


Łukasz Lewczyński
Software Developer
llewc...@soldevelo.com


--
You received this message because you are subscribed to the Google Groups "OpenLMIS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openlmis-dev+unsubscribe@googlegroups.com.
To post to this group, send email to openlm...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/openlmis-dev/CAHq-FDMf0_HTAJFLvUohUQ1SSXbPqefViao8D3KwgTwwejQJHw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Sebastian Brudziński

unread,
Jan 9, 2018, 5:48:41 AM1/9/18
to openlm...@googlegroups.com

To be honest, there are certain parts that I like about the separation of User between the Auth and ReferenceData services. An example is having the password field exclusively in the Auth service and not having to worry about leaking it by mistake in one of the many UserController endpoints in referencedata (retrieves, updates, searches).

If you want to bring it up though, I think there's space for at least one more topic during today's tech committee call.

Sebastian.

To unsubscribe from this group and stop receiving emails from it, send an email to openlmis-dev...@googlegroups.com.

To post to this group, send email to openlm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Sebastian Brudziński
Software Developer / Team Leader
sbrud...@soldevelo.com

Łukasz Lewczyński

unread,
Jan 9, 2018, 8:54:03 AM1/9/18
to Sebastian Brudziński, OpenLMIS Dev
And there is one part that I don't like. To create user/API key we need to execute two endpoints. It would be good to have only one endpoint which will create needed entities in both services.


Łukasz Lewczyński
Software Developer
llewc...@soldevelo.com


--

Sebastian Brudziński
Software Developer / Team Leader
sbrud...@soldevelo.com



SolDevelo Sp. z o.o. [LLC] / www.soldevelo.com
Al. Zwycięstwa 96/98, 81-451, Gdynia, Poland
Phone: +48 58 782 45 40 / Fax: +48 58 782 45 41

--
You received this message because you are subscribed to the Google Groups "OpenLMIS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openlmis-dev+unsubscribe@googlegroups.com.
To post to this group, send email to openlm...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openlmis-dev/8493078b-d0b1-f469-7151-25dee008b4ed%40soldevelo.com.

For more options, visit https://groups.google.com/d/optout.

Craig Appl

unread,
Jan 11, 2018, 6:38:57 PM1/11/18
to OpenLMIS Dev
Thanks Everyone for your responses!
To unsubscribe from this group and stop receiving emails from it, send an email to openlmis-dev...@googlegroups.com.

To post to this group, send email to openlm...@googlegroups.com.


SolDevelo Sp. z o.o. [LLC] / www.soldevelo.com
Al. Zwycięstwa 96/98, 81-451, Gdynia, Poland
Phone: +48 58 782 45 40 / Fax: +48 58 782 45 41
--
You received this message because you are subscribed to the Google Groups "OpenLMIS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openlmis-dev...@googlegroups.com.

To post to this group, send email to openlm...@googlegroups.com.

--

Sebastian Brudziński
Software Developer / Team Leader
sbrud...@soldevelo.com



SolDevelo Sp. z o.o. [LLC] / www.soldevelo.com
Al. Zwycięstwa 96/98, 81-451, Gdynia, Poland
Phone: +48 58 782 45 40 / Fax: +48 58 782 45 41

--
You received this message because you are subscribed to the Google Groups "OpenLMIS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openlmis-dev...@googlegroups.com.

To post to this group, send email to openlm...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages