Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Diagram] An extension requests its auth token #2664

Closed
Tracked by #2596
stephen-crawford opened this issue Apr 10, 2023 · 0 comments
Closed
Tracked by #2596

[Diagram] An extension requests its auth token #2664

stephen-crawford opened this issue Apr 10, 2023 · 0 comments
Assignees
@stephen-crawford
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@stephen-crawford
Copy link
Collaborator

stephen-crawford commented Apr 10, 2023
edited
Loading

  1. Flow chart of: Extension requests its auth token
flowchart TD
    A[Extension_1] -->|Operation Request| B(Core)
    B --> | Redirect to ServiceAccountManager | C(Core ServiceAccountManager)
    C --> | getServiceAccountAuth<accountId> | D(Security Plugin)
    D -->| checkServiceAccount<accountId> | E(InternalUsersStorage)
     E --> | if !serviceAccountExists<accountId> OR !accountIsEnabled<accountId> | G(Return unauthorized response)
    E --> | if serviceAccountExists<accountId> AND accountIsEnabled<accountId> | F(Token Generator)
    F --> |Return auth token to core| C
    G --> |Return unauthorized response to core| C
    C --> | Forward response | B
    B --> | Forward response | A
Loading
  1. Sequence diagram of: Extension requests its auth token
sequenceDiagram
title: Extension_1 Authorization Sequence

Extension_1 -> Core : Operation Request
Core -> Core ServiceAccountManager : Redirect to ServiceAccountManager
Core ServiceAccountManager -> Security Plugin : getServiceAccountAuth<accountId>
Security Plugin -> InternalUsersStorage : checkServiceAccount<accountId>
InternalUsersStorage --> Core : Return unauthorized response
InternalUsersStorage -> Token Generator : 
alt serviceAccountExists<accountId> AND accountIsEnabled<accountId>
    Token Generator -> Core ServiceAccountManager : Return auth token to core
else !serviceAccountExists<accountId> OR !accountIsEnabled<accountId>
    Token Generator --> Core : Return unauthorized response
end
Core ServiceAccountManager -> Core : Forward response
Core -> Extension_1 : Forward response
Loading
@stephen-crawford stephen-crawford self-assigned this Apr 10, 2023
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Apr 10, 2023
@stephen-crawford stephen-crawford changed the title [Diagram] An extensions attempts to use its service account to perform an action it has permissions for [Diagram] An extension attempts to execute a request using its service account Apr 10, 2023
@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Apr 10, 2023
@stephen-crawford stephen-crawford mentioned this issue Apr 10, 2023
Closed
47 tasks
@stephen-crawford stephen-crawford changed the title [Diagram] An extension attempts to execute a request using its service account [Diagram] An extension requests its auth token Apr 10, 2023
@stephen-crawford stephen-crawford mentioned this issue Apr 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stephen-crawford stephen-crawford

Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
Security for Extensions
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peternied @stephen-crawford