###### tags: `Projects` `CMS` `Activity Diagram`
# [CMS] Activity Diagrams
## Auth Flow
### Auth Package
The diagram below shows how to authenticate to a CMS service (package) such as `CMS Auth`, `CMS User`, `CMS Record`, and `CMS Repo`. These services are secured by an `API Key`, which is sent in the gRPC metadata/headers as ``"apikey"`` with the format `"Basic base64(${clientName}:${serviceAPIKey})"`. The `API Key` **MUST** be sent with every `method call`. Example metadata:
- `clientName`: cms-web
- `serviceAPIKey`: AKAIOEXAMPLEKEY
```json=Metadata
{
"apikey": "Basic Y21zLXdlYjpBS0FJT0VYQU1QTEVLRVk="
}
```
```plantuml
actor Client as client
entity Package as service
group Authenticate package
client -> service: package.service.rpc(packageArgs.serviceArgs)
note right
Headers: {
"apikey": "Basic base64(${clientName}:${serviceAPIKey})"
}
end note
service --> client: packageRes.serviceRes
end
```
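The `apikey` format described above, as an added example (not the project's own code): the client builds the metadata value and the server parses and checks it. The in-memory `API_KEYS` store, the function names, and modelling the metadata as a plain dict are assumptions made for illustration.

```python
import base64
import hmac

# Constructed key store for this example: clientName -> serviceAPIKey.
API_KEYS = {"cms-web": "AKAIOEXAMPLEKEY"}


def build_apikey_metadata(client_name: str, service_api_key: str) -> dict:
    """Client side: build the metadata entry in the documented format."""
    raw = f"{client_name}:{service_api_key}".encode("utf-8")
    return {"apikey": "Basic " + base64.b64encode(raw).decode("ascii")}


def verify_apikey_metadata(metadata: dict, key_store: dict = API_KEYS):
    """Server side: return the authenticated clientName, or None to reject.

    Every failure path returns None so the caller can answer with one
    generic unauthenticated error, whatever the reason.
    """
    value = metadata.get("apikey")
    if not isinstance(value, str) or not value.startswith("Basic "):
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet.
        decoded = base64.b64decode(value[len("Basic "):], validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the key may contain ':' but the name may not.
    client_name, sep, presented_key = decoded.partition(":")
    if not sep or not client_name or not presented_key:
        return None
    expected_key = key_store.get(client_name)
    known = expected_key is not None
    # Unknown clients are compared against a dummy so both cases do the same
    # work; the key itself is compared in constant time.
    candidate = (expected_key if known else "\0" * len(presented_key)).encode("utf-8")
    matches = hmac.compare_digest(presented_key.encode("utf-8"), candidate)
    return client_name if (known and matches) else None
```

Because the header is only base64-encoded, not encrypted, this check protects the key only when the gRPC channel itself runs over TLS.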
### Auth Client
```plantuml
actor Client as client
entity AuthAPI as auth
group Authenticate client
client -> auth: auth.Client.CreateSession(authArgs.CreateSessionArg)
auth --> client: authRes.CreateSessionRes
end
```
### Auth Admin
```plantuml
actor Admin as client
entity AuthAPI as auth
group Authenticate session
client -> auth: auth.Admin.CreateSession(authArgs.CreateSessionArg)
auth --> client: authRes.CreateSessionRes
end
group Refresh session
client -> client: AccessToken expired
else Refresh token not expired
client -> auth: auth.Admin.RefreshSession(google.protobuf.Empty)
note right
Headers: {
"authorization": "Bearer ${AccessToken},${RefreshAccessToken}"
}
end note
auth --> client: authRes.CreateSessionRes
else Refresh token expired
client -> client: RefreshToken expired
note right
Repeat Authenticate session
end note
end
```
### Auth User
```plantuml
actor User as client
entity AuthAPI as auth
group Authenticate session
client -> auth: auth.User.CreateSession(authArgs.CreateSessionArg)
auth --> client: authRes.CreateSessionRes
end
group Refresh session
client -> client: AccessToken expired
else Refresh token not expired
client -> auth: auth.User.RefreshSession(google.protobuf.Empty)
note right
Headers: {
"authorization": "Bearer ${AccessToken},${RefreshAccessToken}"
}
end note
auth --> client: authRes.CreateSessionRes
else Refresh token expired
client -[#red]> client: RefreshToken expired
note right
Repeat Authenticate session
end note
end
```
### Validate Scope
```plantuml
actor Client as client
entity AuthAPI as auth
group Authenticate client
client -> auth: auth.General.ValidateScope(authArgs.ValidateScopeArg)
note right
Headers: {
"authorization": "Bearer ${AccessToken}"
}
end note
else Scope authorized
auth --> client: google.protobuf.Empty
else Scope not authorized
auth --[#red]> client: ErrorUnauthenticated
end
```
### Validate Token
```plantuml
actor Client as client
entity AuthAPI as auth
group Authenticate client
client -> auth: auth.General.ValidateToken(authArgs.ValidateTokenArg)
note right
Headers: {
"authorization": "Bearer ${AccessToken}"
}
end note
else Token valid
auth --> client: google.protobuf.Empty
else Token not valid
auth --[#red]> client: ErrorUnauthenticated
end
```