Connecting Integrations to IRIDA Next Authentication
IRIDA Next Setup
Config file
The config file is located at: config/integrations/cors_config.yml
Example configuration
development:
  # origins 'localhost:3000', '127.0.0.1:3000',
  #         /\Ahttp:\/\/192\.168\.0\.\d{1,3}(:\d+)?\z/
  # Regular expressions allowed.
  origins: "*"
  resources:
    - resource: "*"
      headers: any
      methods: [get, post]
  # Make sure to include trailing '/'
  allowed_hosts:
    - url: "http://localhost:8081/"
      identifier: bdip_sheets
      token_lifespan_days: 2
For a production environment, place all configuration options under the production: key.
CORS Config
The origins: and resources: sections are used for CORS configuration.
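Cross-Origin Resource Sharing (CORS) is a security mechanism. The example configuration uses the wildcard "*" for both origins: and resource:, which is the widest possible scope. Familiarize yourself with best practices and find the narrowest scope to add to your configuration.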
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS
Integration Config
The allowed_hosts: section is used by IRIDA Next to associate tokens with integrations, determine how long tokens remain valid, and verify that request origins match the associated identifiers.
url:
Each integration must have a unique URL from which its authentication requests are sent. This URL must be static and specific. The URL is determined by the page from which the integration token request is generated.
identifier:
A unique identifier string containing only letters, numbers, and - or _. This should be human readable, such as bdip_sheets.
token_lifespan_days:
Number of days a token will remain active before automatic deletion.
Integration Code Setup
An integrating service can open a window targeting the IRIDA Next /integration_access_token endpoint, which expects a caller argument.
Example: https://my.iridanext.site/integration_access_token?caller=my_integration
Methods
Opening the window to the integration dialog using JavaScript looks like this:
window.open(URL, "access-token-popup", options);
Receiving the token from the integration authentication window should be done with an event listener like this:
window.addEventListener("message", (event) => {
  if (event.origin !== ORIGIN) return; // basic origin check
  console.log("Received token:", event.data);
});
A more complete script should look something like this:
// Opens the integration access token popup and logs the returned token.
const ORIGIN = "http://localhost:3000";
const URL = ORIGIN + "/integration_access_token?caller=bdip_sheets";

document.getElementById("inxt-btn").addEventListener("click", () => {
  var x = window.screenX || window.screenLeft || 0;
  var y = window.screenY || window.screenTop || 0;
  const options = `width=500,height=800,top=${y},left=${x}`;
  const popup = window.open(URL, "access-token-popup", options);
  if (!popup) console.warn("Popup blocked");
});

window.addEventListener("message", (event) => {
  if (event.origin !== ORIGIN) return; // basic origin check
  console.log("Received token:", event.data);
});
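A stricter variant of the listener above, as an added example (not code from IRIDA Next or its demo): besides the exact origin match, it checks that the message came from the popup this page opened and accepts only one token. It assumes event.data is the token as a non-empty string; createTokenReceiver, POPUP_URL and the returned verdict strings are hypothetical names.

```javascript
// Added example; not IRIDA Next code. createTokenReceiver is a hypothetical helper.
// Assumption: event.data carries the token as a non-empty string.
function createTokenReceiver(popupUrl, getPopup, onToken) {
  // URL.origin is scheme + host + port, the same form as event.origin.
  const expectedOrigin = new URL(popupUrl).origin;
  let received = false;

  return function receive(event) {
    if (received) return "ignored: token already received";
    // Exact comparison: prefix or substring checks would accept look-alike hosts.
    if (event.origin !== expectedOrigin) return "rejected: origin";
    // Only the window this page opened may deliver the token.
    const popup = getPopup();
    if (!popup || event.source !== popup) return "rejected: source";
    if (typeof event.data !== "string" || event.data.length === 0) {
      return "rejected: payload";
    }
    received = true;
    onToken(event.data);
    return "accepted";
  };
}

// Browser wiring (skipped outside a browser). Values match the development
// example on this page.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const POPUP_URL =
    "http://localhost:3000/integration_access_token?caller=bdip_sheets";
  let popup = null;
  let token = null; // kept in memory only, not written to the console
  const receive = createTokenReceiver(POPUP_URL, () => popup, (t) => {
    token = t;
  });
  window.addEventListener("message", receive);
  document.getElementById("inxt-btn").addEventListener("click", () => {
    popup = window.open(POPUP_URL, "access-token-popup", "width=500,height=800");
    if (!popup) console.warn("Popup blocked");
  });
}
```

The verdict strings are ignored by the browser when the function is used as an event listener; they exist so the checks can be exercised with constructed event objects.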
Complete Example
A fully working demo pre-configured to work with the default development: configuration in the code base can be found at: demos/access-token-integration-demo/index.html
- run irida next
- in another terminal window cd to demos/access-token-integration-demo/ and run python -m http.server 8081 to start the demo page
- in a browser open http://localhost:8081/
- Press F12 to open up your console so you can see the messages the demo code receives from irida next
- clicking the button should open up a pop up to authenticate. If you are not signed in you will be prompted to sign in first
- you should also have seen a "button clicked" message in the 8081 window
- Clicking on "Create Access Token" in the popup should result in the following
  - an alert in the popup that a token was generated
  - logs in 8081 with the origin of the message and the token generated by irida next
  - the popup window should close after a few seconds