Standard authentication
User accesses www.workbench.nationaldataservice.org and selects "Sign-up". User enters registration information and submits. User is required to verify email address. Once verified, account goes through approval process (if enabled). Once approved, user can login to Workbench to start services. User starts Jupyter notebook. When user accesses Jupyter endpoint, if already authenticated they are not prompted to authenticate again. If they have not authenticated, user is prompted to authenticate using their Workbench credentials. If another user tries to access this user's Jupyter notebook, they are not permitted.
Oauth2 authentication (Globus auth)
User accesses www.workbench.nationaldataservice.org and selects "Sign-in" using Oauth/Globus. If user is not authenticated, user is redirected via Oauth. Once authenticated, if user has no account, an account record is created. No email verification is required. If approval is enabled, account goes though approval workflow. Otherwise, story is the same as above.
Considerations
- Oauth2 information is only available to services that are "upstream" from the Oauth2 proxy. The upstream response code appears to be ignored (e.g., 401/403)
Overview
