Question about referencedata and auth process

Hi,

I’m exploring the auth process in the openlmis-auth microservice. I see the RightReferenceDataService and UserReferenceDataService classes as part of the auth service. What do these classes do and how do they relate to the RightService and UserService in the openlmis-referencedata microservice?

Thanks,

Craig

Hi Craig,

Those two classes (RightReferenceDataService and UserReferenceDataService) are used to communicate with the Reference Data service and get User and Right resources. Both the Auth and Reference Data services have User resources (connected by the referencedataUserId property in the Auth User), so when someone wants to create/update a User in the Auth service, it calls the Reference Data service to check if the user that makes the request has the correct permission (all user roles/rights are located in Reference Data). It is also good to know that in order to create a new user you have to create one in Reference Data and then a corresponding one in Auth (to allow logging in).

Regards,

Mateusz


SolDevelo
Sp. z o.o. [LLC] / www.soldevelo.com
Al. Zwycięstwa 96/98, 81-451, Gdynia, Poland
Phone: +48 58 782 45 40 / Fax: +48 58 782 45 41

Hi,

I am not sure why we have two user entities in two microservices. I started to think maybe we could move all auth-related entities from the reference data service to the auth service. In the end the auth service is responsible for the auth process, so all related classes like user, right, role, service account (aka API Key) should be in only one place. I would really like to know why our auth process is divided into two microservices.

Regards,

Lukasz



On Mon, Jan 8, 2018 at 6:26 PM, Mateusz Kwiatkowski <mkwiatkowski@soldevelo.com> wrote:

> Hi Craig,
>
> Those two classes (RightReferenceDataService and UserReferenceDataService) are used to communicate with the Reference Data service and get User and Right resources. Both the Auth and Reference Data services have User resources (connected by the referencedataUserId property in the Auth User), so when someone wants to create/update a User in the Auth service, it calls the Reference Data service to check if the user that makes the request has the correct permission (all user roles/rights are located in Reference Data). It is also good to know that in order to create a new user you have to create one in Reference Data and then a corresponding one in Auth (to allow logging in).
>
> Regards,
>
> Mateusz


Łukasz Lewczyński
Software Developer
llewczynski@soldevelo.com

To be honest, there are certain parts that I like about the separation of User between the Auth and ReferenceData services. An example is having the password field exclusively in the Auth service and not having to worry about leaking it by mistake in one of the many UserController endpoints in referencedata (retrieves, updates, searches).

If you want to bring it up though, I think there's space for at least one more topic during today's tech committee call.

Sebastian.

On 09.01.2018 09:13, Łukasz Lewczyński wrote:

> Hi,
>
> I am not sure why we have two user entities in two microservices. I started to think maybe we could move all auth-related entities from the reference data service to the auth service. In the end the auth service is responsible for the auth process, so all related classes like user, right, role, service account (aka API Key) should be in only one place. I would really like to know why our auth process is divided into two microservices.
>
> Regards,
>
> Lukasz

Sebastian Brudziński
Software Developer / Team Leader
sbrudzinski@soldevelo.com
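The split described in Mateusz's and Sebastian's messages above, as an added in-memory sketch that is not OpenLMIS code: Reference Data holds profiles and rights, Auth holds only credentials linked by referencedataUserId, and Auth asks Reference Data whether the caller may manage users. The class names, the `saveUser` method and the `USERS_MANAGE` right name are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; every name here is hypothetical, not taken from OpenLMIS.
public class SplitUserModel {
    // Reference Data side: profile and rights, never a password.
    record RefUser(UUID id, String username, Set<String> rights) {}
    // Auth side: credentials only, linked by referencedataUserId.
    record AuthUser(UUID referencedataUserId, String username, String passwordHash) {}

    static class ReferenceData {
        final Map<UUID, RefUser> users = new HashMap<>();
        RefUser create(String username, Set<String> rights) {
            RefUser u = new RefUser(UUID.randomUUID(), username, Set.copyOf(rights));
            users.put(u.id(), u);
            return u;
        }
        boolean hasRight(UUID userId, String right) {
            RefUser u = users.get(userId);
            return u != null && u.rights().contains(right);
        }
    }

    static class Auth {
        final Map<UUID, AuthUser> users = new HashMap<>();
        final ReferenceData referenceData; // stands in for the two client classes
        Auth(ReferenceData referenceData) { this.referenceData = referenceData; }

        // Step 2 of user creation: the caller's right is looked up in Reference
        // Data, and the target must already exist there (step 1).
        AuthUser saveUser(UUID callerId, UUID targetId, String passwordHash) {
            if (!referenceData.hasRight(callerId, "USERS_MANAGE")) // assumed right name
                throw new SecurityException("caller lacks the user-management right");
            RefUser target = referenceData.users.get(targetId);
            if (target == null)
                throw new IllegalStateException("create the Reference Data user first");
            AuthUser a = new AuthUser(target.id(), target.username(), passwordHash);
            users.put(a.referencedataUserId(), a);
            return a;
        }
    }

    public static void main(String[] args) {
        ReferenceData rd = new ReferenceData();
        Auth auth = new Auth(rd);
        RefUser admin = rd.create("admin", Set.of("USERS_MANAGE"));
        RefUser clerk = rd.create("clerk", Set.of());                  // step 1
        auth.saveUser(admin.id(), clerk.id(), "<hash placeholder>");   // step 2
        try {
            auth.saveUser(clerk.id(), admin.id(), "<hash placeholder>");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        // Whatever Reference Data returns, it has no credential field to leak.
        System.out.println(rd.users.get(clerk.id()));
    }
}
```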

And there is one part that I don’t like. To create a user/API key we need to execute two endpoints. It would be good to have only one endpoint which will create the needed entities in both services.



On Tue, Jan 9, 2018 at 11:48 AM, Sebastian Brudziński <sbrudzinski@soldevelo.com> wrote:

> To be honest, there are certain parts that I like about the separation of User between the Auth and ReferenceData services. An example is having the password field exclusively in the Auth service and not having to worry about leaking it by mistake in one of the many UserController endpoints in referencedata (retrieves, updates, searches).
>
> If you want to bring it up though, I think there's space for at least one more topic during today's tech committee call.
>
> Sebastian.

Łukasz Lewczyński
Software Developer
llewczynski@soldevelo.com


Thanks Everyone for your responses!

On Tuesday, January 9, 2018 at 5:54:03 AM UTC-8, Łukasz Lewczyński wrote:

> And there is one part that I don’t like. To create a user/API key we need to execute two endpoints. It would be good to have only one endpoint which will create the needed entities in both services.
