
Authentication

Sean McIlvenna edited this page Sep 5, 2018 · 6 revisions

Authentication is currently hard-wired to auth0; this may be replaced at some point. The logic is centralized in the AuthService service.

When a user presses the login button, they are redirected to auth0. Once auth0 has authenticated the user, it returns them to /login of Trifolia-on-FHIR. This launches the LoginComponent, which, when it initializes, tells the AuthService to handle the authentication response.

The AuthService stores the authentication information in the browser's local storage, so that it survives a browser refresh. Note that anything in local storage is readable by any JavaScript running on the application's origin, so the stored token is only as protected as the application is from script injection.

When the authentication info is stored, a timer is started that checks (and renews) the session 5 minutes before it is set to expire. Because the stored information is reused when the app is re-opened, the user does not have to log in again as long as they re-open the app before the session expires. If they do not use Trifolia-on-FHIR for longer than the session lifetime, the stored session has expired and the user is logged out. While the application is in use the user should never be logged out, unless of course the renewal fails because there is no internet connection or auth0 is down.
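The scheme above, modelled as an added TypeScript example (this is not Trifolia-on-FHIR's own AuthService, and it does not call the auth0 library). The names AuthInfo, SessionManager, STORAGE_KEY and the injected renew() callback are assumptions for illustration; storage and timers are injected so the sequence can be stepped without a browser. It covers the cases the text describes: renewal 5 minutes before expiry, restoring a still-valid session after a refresh (renewing immediately if less than 5 minutes remain), discarding a session that expired while the app was closed, and logging out when auth0 cannot be reached.

```typescript
// Added example, not Trifolia-on-FHIR's own code. Names below are assumed.

// What is persisted. expiresAt is epoch milliseconds, computed once from the
// token's expires_in when the auth0 callback is handled.
interface AuthInfo { accessToken: string; idToken: string; expiresAt: number; }

// The subset of window.localStorage the manager uses, so an in-memory store
// can stand in outside the browser.
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

// Timing is injected as well; in the app these are setTimeout/clearTimeout.
interface Timer { cancel(): void; }
type Scheduler = (callback: () => void, delayMs: number) => Timer;

// Renewal is synchronous here so the example runs offline; a real service
// would await auth0's checkSession(). null = auth0 refused (its own session
// is gone); a thrown error = auth0 unreachable (no network, auth0 down).
type Renewer = () => AuthInfo | null;

const STORAGE_KEY = 'trifolia-auth';     // assumed key name
const RENEW_LEAD_MS = 5 * 60 * 1000;     // renew 5 minutes before expiry

class SessionManager {
  private timer: Timer | null = null;
  renewAttempts = 0;

  constructor(
    private readonly store: KeyValueStore,
    private readonly now: () => number,
    private readonly schedule: Scheduler,
    private readonly renew: Renewer,
  ) {}

  // Called by LoginComponent after the auth0 redirect, and after each renewal.
  handleAuthentication(info: AuthInfo): void {
    this.store.setItem(STORAGE_KEY, JSON.stringify(info));
    this.scheduleRenewal(info);
  }

  // Called on app start, e.g. after a browser refresh: a still-valid stored
  // session is resumed (and its timer re-armed); a stale one is discarded.
  restore(): 'restored' | 'expired' | 'none' {
    const info = this.current();
    if (info === null) return 'none';
    if (info.expiresAt <= this.now()) { this.logout(); return 'expired'; }
    this.scheduleRenewal(info);
    return 'restored';
  }

  current(): AuthInfo | null {
    const raw = this.store.getItem(STORAGE_KEY);
    return raw === null ? null : (JSON.parse(raw) as AuthInfo);
  }

  // Delay until renewal. Less than 5 minutes left means renew right away.
  msUntilRenewal(info: AuthInfo): number {
    return Math.max(0, info.expiresAt - RENEW_LEAD_MS - this.now());
  }

  // Timer callback. Any failure logs the user out instead of leaving a token
  // in storage that is about to expire.
  renewNow(): boolean {
    this.renewAttempts++;
    let fresh: AuthInfo | null = null;
    try { fresh = this.renew(); } catch (e) { fresh = null; }
    if (fresh === null) { this.logout(); return false; }
    this.handleAuthentication(fresh);
    return true;
  }

  logout(): void {
    this.cancelTimer();
    this.store.removeItem(STORAGE_KEY);
  }

  private scheduleRenewal(info: AuthInfo): void {
    this.cancelTimer();   // never run two renewal timers for one session
    this.timer = this.schedule(() => { this.renewNow(); }, this.msUntilRenewal(info));
  }

  private cancelTimer(): void {
    if (this.timer !== null) { this.timer.cancel(); this.timer = null; }
  }
}

// Constructed stand-ins for localStorage and setTimeout, so the sequence can
// be stepped deterministically in a unit test.
class MemoryStore implements KeyValueStore {
  private map = new Map<string, string>();
  getItem(key: string): string | null { return this.map.has(key) ? (this.map.get(key) as string) : null; }
  setItem(key: string, value: string): void { this.map.set(key, value); }
  removeItem(key: string): void { this.map.delete(key); }
}

class ManualScheduler {
  pending: Array<{ callback: () => void; delayMs: number; cancelled: boolean }> = [];
  schedule: Scheduler = (callback, delayMs) => {
    const entry = { callback, delayMs, cancelled: false };
    this.pending.push(entry);
    return { cancel: () => { entry.cancelled = true; } };
  };
  // Fire the newest live timer, as the browser would when its delay elapses.
  fireLatest(): void {
    const live = this.pending.filter(p => !p.cancelled);
    const last = live[live.length - 1];
    if (last !== undefined) { last.cancelled = true; last.callback(); }
  }
}
```

In the application, `MemoryStore` and `ManualScheduler` would be replaced by `window.localStorage` and a wrapper around `setTimeout`/`clearTimeout`, and `renew` by the auth0 client's session check. The two details worth keeping from this model are that `restore()` re-arms the timer from the stored expiry (a refresh must not silently drop the renewal) and that a failed renewal clears storage rather than leaving a soon-to-expire token behind.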

Authentication Flow - Sequence Diagram

The login process may be improved in the future by opening the auth0 redirection in a new window; after the user has logged in, that window could redirect to a static .html page which uses JavaScript to pass the authentication token/information back to the main application. If that is done, the hand-off should be restricted to the application's own origin (for example by checking the origin of a postMessage) so that no other page can receive the token.