Merge pull request #168 from birtony/issue167

docs: added flowchart to document wallet's auth logic
trustbloc · Aug 4, 2022 · 13bfb69 · 13bfb69
2 parents 9cd52ec + 64a9727
commit 13bfb69
Showing 1 changed file with 33 additions and 5 deletions.
diff --git a/readthedocs/designs/auth.md b/readthedocs/designs/auth.md
@@ -1,11 +1,13 @@
-# TrustBloc Autorization 
+# TrustBloc Autorization
 
 This is a WIP design document for TrustBloc Authorization.
 
 ## Overview
+
 The TrustBloc plans to use [[IETF-DRAFT] Grant Negotiation and Authorization Protocol (GNAP)](https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-09.html) to authorize interactions between different components.
 
 ## Sequence Diagram
+
 ```mermaid
 sequenceDiagram
     autonumber
@@ -14,13 +16,13 @@ sequenceDiagram
     participant auth as Hub Auth
     participant oidc as External OIDC Provider
     participant rs as KMS/EDV
-    
+
     loop SignUp/SignIn
     user ->> wallet_web : go to wallet website
     wallet_web ->> wallet_web : create keypair
     wallet_web ->> auth : HTTP POST GNAP grant request
     auth ->> wallet_web : HTTP Response GNAP grant response with interact-redirect \n(to display list of OIDC providers)
-    wallet_web ->> auth : HTTP Redirect 
+    wallet_web ->> auth : HTTP Redirect
     auth ->> user : display list of OIDC providers
     user ->> auth : select oidc provider
     auth ->> oidc : HTTP Redirect oidc /auth
@@ -33,14 +35,40 @@ sequenceDiagram
     wallet_web ->> auth : HTTP POST /continue with GNAP interact_ref
     auth ->> wallet_web : HTTP Response with access_token
     end
-    
+
     loop KMS/EDV invocation
     wallet_web ->> wallet_web : Create HTTP req and compute httpsign
     wallet_web ->> rs : HTTP /kms/{keystoreID}/keys with HTTPSign and GNAP access_token
-    rs ->> auth : HTTP POST /introspect 
+    rs ->> auth : HTTP POST /introspect
     auth ->> rs : HTTP Response clientKey and subID
     rs ->> rs : validate httpsig
     rs ->> rs : process user request
     rs ->> wallet_web : HTTP response
     end
 ```
+
+## Wallet Auth Logic
+
+```mermaid
+flowchart TD
+    A[User requests to access some wallet page] --> B{Does this page require the user to be authenticated?}
+    B -->|No| C[Redirect the user to the requested path]
+    C --> Z[Finish]
+    B -->|Yes| D{Do we have username in vuex?}
+    D -->|Yes| F{Do we have agent initialized?}
+    D -->|No| E{Do we have username in local storage?}
+    F -->|Yes| C
+    F -->|No| R["Fetch bootstrap data"]
+
+    E -->|Yes| F{Do we have agent initialized?}
+    E -->|No| I["Request access with GNAP key pair"]
+    I --> L{Does auth server return access token and subject id?}
+    L -->|Yes| F
+    L -->|No| M["Make a call to continue API"]
+    M --> P["Receive access token and subject id"]
+    P --> R
+    R --> H[Initialize agent]
+    H --> W["Fetch bootstrap data"]
+    W --> X["Unlock wallet"]
+    X --> C
+```