GitHub is used for source code management, while Amazon Web Services (AWS) is the hosting provider. Further information about the development and service-provider environments can be found at these links:
- https://docs.devland.is/handbook/technical-overview/devops
- https://docs.devland.is/handbook/apps/services/auth-api
- https://docs.devland.is/handbook/apps/services/auth-admin-api
- https://github.com/island-is/identity-server.web
IdentityServer is an open-source solution built on .NET Core. The system is an OpenID Connect provider, i.e. it implements the OpenID Connect and OAuth 2.0 protocols.
- User: A human who uses a registered client to access resources.
- Client: Software that requests tokens from IdentityServer, either to authenticate a user or to access a resource. A client must be registered with IdentityServer before it can request tokens. Clients can, for example, be web applications, native mobile applications or desktop applications.
- Resources: Something you want to protect with IdentityServer, either identity data about your users or APIs:
  - Identity data used to identify users, for example names or e-mail addresses.
  - An API is an interface that the clients communicate with.
- Identity token: Created during the IdentityServer authentication procedure. It contains at a bare minimum an identifier for the user (called the sub, or subject, claim) and information about how and when the user authenticated.
- Access token: Allows access to an API resource. Clients request access tokens and forward them to the API. Access tokens contain information about the client and the user, which the API uses to authorize access to the resources.
- The service provider writes code to connect to IdentityServer's authentication service. The user's identity is defined as a sub (subject claim) in the code.
- When the user's client requests authentication, IdentityServer receives the sub. IdentityServer then includes the sub in the identity token it creates to connect the client with the resources. During the same procedure IdentityServer also creates the access token.
- IdentityServer sends the identity token and the access token to the client.
- The client forwards the access token to the API for validation.
- Once the API has validated the access token, the client gets access to the user's resources.
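As an added illustration of the token steps above (example code, not code from island.is or IdentityServer): a minimal token issuer and the API-side validation that must pass before the sub claim is trusted. It assumes a hypothetical issuer URL and uses a shared HS256 key where a real IdentityServer signs with RS256 keys published through its JWKS endpoint; the client, API and user names are constructed.

```python
import base64, hashlib, hmac, json

# Constructed example, not IdentityServer code: a shared HS256 key stands in for
# the RS256 key pair a real IdentityServer publishes through its JWKS endpoint.
SIGNING_KEY = b"example-shared-secret-not-for-production"
ISSUER = "https://identity-server.example"  # hypothetical issuer URL

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict) -> str:
    """Mint a compact JWT the way the token endpoint would."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def issue_tokens(sub: str, client_id: str, api_name: str, now: int) -> dict:
    """Step 2 of the flow: identity token for the client, access token for the API."""
    base = {"iss": ISSUER, "sub": sub, "iat": now, "exp": now + 300}
    return {
        "id_token": sign_token({**base, "aud": client_id, "auth_time": now}),
        "access_token": sign_token({**base, "aud": api_name, "client_id": client_id}),
    }

def validate_access_token(token: str, api_name: str, now: int) -> dict:
    """Step 4 of the flow: the API checks signature, issuer, audience and expiry
    before it trusts the sub claim."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(SIGNING_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != api_name:  # an identity token fails here: its aud is the client
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims
```

The audience check is what stops a client from handing the identity token to the API: both tokens carry the same sub, but only the access token names the API as its aud.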
- The service provider's code is source-controlled in GitHub.
- When code changes are made, the developer commits the new code and pushes it to GitHub.
- The developer creates a pull request for the code changes, which another developer must approve before the code is merged into the main development branch. This triggers a GitHub Action that builds the code and deploys it to the Development environment.
- When code is to be released, a third party creates a release branch from the main branch. This triggers a GitHub Action that deploys it to the Staging environment.
- When the deployment on Staging has been tested and approved, a third party deploys the code to the Production environment.