BDRC Auth lib

BDRC Auth library main functionalities

  • Builds the RDF auth data model from Auth0 and GitHub and updates it in Fuseki. The auth data model is contained entirely in a single named graph (http://purl.bdrc.io/ontology/ext/authData)

  • Updates the ontology on Fuseki whenever it changes, through a GitHub webhook whose callback URL is the http://purl.bdrc.io/callbacks/github/owl-schema endpoint on ldspdi. The auth ontology is a named graph (http://purl.bdrc.io/ontology/ext/authSchema)

  • Maintains an up-to-date RdfAuthModel Java object that can be used to validate or deny access to secured endpoints or resources. This validation mechanism is explained in the "Using BDRC auth lib" section of this site.

Auth Model update

The BDRC-auth library is used on various servers of the BUDA platform, and each instance therefore has its own local RdfAuthModel object. To keep the auth models accurate across all BUDA secured services, these local models must be synchronized each time the data is modified, either in the Auth0 platform or in the BDRC policies.

Since the BDRC Linked Data server (ldspdi) provides all webhook callback URLs, it is in charge of building the most recent model and publishing it to Fuseki. Subsequently, the models of all instances of bdrc-auth-lib must be updated. Each instance does this through a “cron job” implemented in io.bdrc.auth.rdf.ModelUpdate. The whole operation goes as follows:

  • 1) A change occurs in Auth0, in owl-schema (the ontology) or in bdrc-auth (the BDRC auth policies data).

  • 2) The BDRC Linked Data server (ldspdi) is called by the relevant webhook, then rebuilds the model, saves the UPDATED time and reloads the new data on Fuseki.

  • 3) A cron job running on each instance of bdrc-auth-lib asks ldspdi every five minutes (this period is configurable) for the UPDATED time at (http://purl.bdrc.io/authmodel/updated).

  • 4) If the ldspdi UPDATED time is more recent than the local UPDATED time, the local bdrc-auth-lib reloads the model from ldspdi at (http://purl.bdrc.io/authmodel) and updates its local UPDATED time.

Note: this is not a real-time update. A real-time update could be done by implementing webhooks (triggered by ldspdi) on each server instantiating bdrc-auth-lib. However, at this time there is no valid reason that calls for implementing such a real-time update.
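
The polling cycle of steps 3 and 4, sketched as an added Java example; it is not the code of io.bdrc.auth.rdf.ModelUpdate or of the BDRC project. The class name AuthModelPoller, the two Supplier stand-ins for the HTTP calls to ldspdi, and the UPDATED time as a numeric value are assumptions, and records require Java 16 or later.

```java
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;

// Added illustration of steps 3 and 4; hypothetical class, not the library's ModelUpdate.
public class AuthModelPoller {
    // Model and UPDATED time are swapped together so access checks never see a mismatch.
    record Snapshot(String model, long updated) {}
    private final AtomicReference<Snapshot> current = new AtomicReference<>(new Snapshot("", 0L));
    private final Supplier<Long> remoteUpdated; // assumed stand-in for GET .../authmodel/updated
    private final Supplier<String> remoteModel; // assumed stand-in for GET .../authmodel

    AuthModelPoller(Supplier<Long> remoteUpdated, Supplier<String> remoteModel) {
        this.remoteUpdated = remoteUpdated;
        this.remoteModel = remoteModel;
    }

    // One polling cycle. Returns true only when the local model was replaced.
    boolean pollOnce() {
        try {
            long remote = remoteUpdated.get();
            if (remote <= current.get().updated()) return false; // local copy is current
            String model = remoteModel.get();
            if (model == null || model.isEmpty()) return false;  // keep the last good model
            current.set(new Snapshot(model, remote)); // record the time only after a reload
            return true;
        } catch (RuntimeException e) {
            // scheduleAtFixedRate suppresses later runs if a task throws; retry next tick.
            return false;
        }
    }
    Snapshot snapshot() { return current.get(); }
    // The "cron job": the page's default period is five minutes.
    ScheduledExecutorService start(long periodMinutes) {
        ScheduledExecutorService ses = Executors.newSingleThreadScheduledExecutor();
        ses.scheduleAtFixedRate(this::pollOnce, 0, periodMinutes, TimeUnit.MINUTES);
        return ses;
    }

    public static void main(String[] args) {
        long[] serverTime = {100L}; // constructed sample data, simulates ldspdi
        AuthModelPoller p = new AuthModelPoller(() -> serverTime[0], () -> "model@" + serverTime[0]);
        System.out.println(p.pollOnce() + " " + p.snapshot()); // first poll: nothing loaded yet
        System.out.println(p.pollOnce() + " " + p.snapshot()); // second poll: UPDATED unchanged
        serverTime[0] = 200L; // simulated webhook-driven rebuild on ldspdi
        System.out.println(p.pollOnce() + " " + p.snapshot());
    }
}
```

Between a change on ldspdi and the next successful poll, an instance keeps enforcing the previous model, so a revoked permission can remain effective locally for up to one polling period.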