Overhaul - csed-ucm/psephos GitHub Wiki

Auth Service holds the FastAPI application and the pycasbin enforcement logic; it acts as the OIDC relying party and issues the access tokens that the other services consume.

Casbin stores and evaluates policies, backed by a database through a persistence adapter (for pycasbin, e.g. the SQLAlchemy adapter; the GORM and SQLX adapters belong to the Go implementation).

Redis caches access tokens and active sessions so that token validation does not need a round trip to the policy database on every request. A cached entry must expire no later than the token it describes, otherwise an expired or revoked token keeps working until the cache entry is evicted.

Users DB holds the identity domains that the policies refer to: users, groups, workspaces and organizations.

Psephos (Survey Engine)

Stores surveys and related data in MongoDB.

OIDC Provider handles authentication (login prompt, credential check) and issues the ID token and access token; the Auth Service consumes them as the relying party.
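The users / groups / workspaces model above maps onto Casbin's RBAC-with-domains model, with the workspace as the domain. The block below is an added example, not code from the psephos wiki or project: `MODEL_CONF` and `POLICY_CSV` are written in Casbin's own syntax, as pycasbin would load them from a file or a database adapter, while `enforce()` is a small stand-in that evaluates exactly that matcher so the example runs offline without pycasbin installed. The users, groups, workspace names and scopes are constructed.

```python
"""Workspace-scoped RBAC for the Auth Service, in Casbin's model language.

Added example, not part of the psephos project. MODEL_CONF and POLICY_CSV
are valid Casbin syntax (pycasbin: casbin.Enforcer("model.conf", "policy.csv"),
or a database adapter instead of the CSV). enforce() below is a minimal
stand-in that evaluates exactly this model's matcher so the example runs
without pycasbin; it is not the pycasbin enforcer. All names are constructed.
"""

MODEL_CONF = """
[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act
"""

# p: role, workspace (domain), object, action
# g: member, role-or-group, workspace  (a group is just a role that users inherit through)
POLICY_CSV = """
p, admin, ws-physics, surveys, read
p, admin, ws-physics, surveys, write
p, viewer, ws-physics, surveys, read
p, admin, ws-chem, surveys, read
p, admin, ws-chem, surveys, write
g, alice, admin, ws-physics
g, bob, viewer, ws-physics
g, carol, admin, ws-chem
g, survey-team, viewer, ws-physics
g, dave, survey-team, ws-physics
"""


def parse_policy(csv_text):
    """Split the CSV into p-rules and g-rules, each as a tuple of fields."""
    rules, groups = [], []
    for line in csv_text.strip().splitlines():
        parts = [p.strip() for p in line.split(",")]
        if parts[0] == "p":
            rules.append(tuple(parts[1:]))
        elif parts[0] == "g":
            groups.append(tuple(parts[1:]))
    return rules, groups


RULES, GROUPS = parse_policy(POLICY_CSV)


def has_role(groups, user, role, dom):
    """g(user, role, dom): does `user` reach `role` through g-links inside `dom`?

    Links are transitive (user -> group -> role), as in Casbin's role manager,
    and never cross workspaces: a role held in ws-physics says nothing about ws-chem.
    """
    seen, stack = set(), [user]
    while stack:
        cur = stack.pop()
        if cur == role:
            return True
        for member, parent, d in groups:
            if member == cur and d == dom and parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return False


def enforce(sub, dom, obj, act, rules=RULES, groups=GROUPS):
    """Evaluate the matcher from MODEL_CONF: any matching allow rule grants access."""
    return any(
        has_role(groups, sub, p_sub, dom) and dom == p_dom and obj == p_obj and act == p_act
        for p_sub, p_dom, p_obj, p_act in rules
    )


def grant_scopes(user, workspace, requested, rules=RULES, groups=GROUPS):
    """What the Auth Service would put into a token: each requested scope
    'object:action' is kept only if the policy allows it in that workspace."""
    granted = []
    for scope in requested:
        obj, _, act = scope.partition(":")
        if enforce(user, workspace, obj, act, rules, groups):
            granted.append(scope)
    return granted


if __name__ == "__main__":
    for user, ws in [("alice", "ws-physics"), ("bob", "ws-physics"),
                     ("dave", "ws-physics"), ("alice", "ws-chem")]:
        print(user, ws, grant_scopes(user, ws, ["surveys:read", "surveys:write"]))
```

The domain argument to `g` is what keeps a role assignment inside one workspace: alice is admin in ws-physics only, so a request for ws-chem yields no scopes even though an admin rule exists there. Group membership (dave via survey-team) resolves through the same transitive link, so groups need no special casing in the matcher.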

OIDC Login Flow (User + Auth App + OIDC Provider)

```mermaid
sequenceDiagram
  participant User
  participant OIDC_Client as Psephos
  participant AuthApp as Auth Service
  participant OIDC as OIDC Provider

  User          ->>  OIDC_Client: Request login
  OIDC_Client   ->>  AuthApp: Redirect to /authorize
  AuthApp       ->>  OIDC: Authentication request (response_type=code, scope=openid, state, nonce, PKCE code_challenge)
  OIDC          ->>  User: Login prompt
  User          ->>  OIDC: Submit credentials
  OIDC          -->> AuthApp: Authorization code + state (front-channel redirect through the user's browser)
  AuthApp       ->>  OIDC: Token exchange at /token (code + client credentials + PKCE code_verifier, back-channel)
  OIDC          -->> AuthApp: ID token + access token (user info via /userinfo if needed)
  Note over AuthApp: Match state to the pending login, then validate the ID token (signature, iss, aud, exp, nonce) before trusting sub
  AuthApp       -->> OIDC_Client: Access token (and ID token)
```
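The exchange above, carried through on the Auth Service (relying-party) side, as an added example that is not part of the psephos project. `StubProvider` is a constructed stand-in for the OIDC Provider that signs ID tokens with HS256 keyed by the client secret (a signing mode OIDC permits for confidential clients); the issuer, client id, secret and redirect URI are invented. A real deployment would fetch the provider's JWKS and verify RS256 signatures instead, but the state, PKCE and claim checks are the same.

```python
"""Authorization-code login as the Auth Service would drive it.

Added example, not code from the psephos project. StubProvider stands in for
the real OIDC Provider; ISSUER, CLIENT_ID, CLIENT_SECRET and REDIRECT_URI are
assumed values. ID tokens are HS256-signed with the client secret so that the
signature check is real without a JWKS fetch.
"""
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example.edu"                  # assumed
CLIENT_ID = "auth-service"                          # assumed
CLIENT_SECRET = b"constructed-client-secret"        # constructed
REDIRECT_URI = "https://auth.example.edu/callback"  # assumed


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class StubProvider:
    """Minimal OIDC Provider: /authorize and /token, no real login screen."""

    def __init__(self):
        self.codes = {}  # code -> (sub, nonce, code_challenge); single use

    def authorize(self, params, user):
        if params["client_id"] != CLIENT_ID or params["redirect_uri"] != REDIRECT_URI:
            raise ValueError("unregistered client or redirect_uri")
        code = secrets.token_urlsafe(16)  # the real provider shows the login prompt first
        self.codes[code] = (user, params["nonce"], params["code_challenge"])
        return f"{params['redirect_uri']}?" + urlencode({"code": code, "state": params["state"]})

    def token(self, code, code_verifier, client_secret):
        if not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise ValueError("client authentication failed")
        sub, nonce, challenge = self.codes.pop(code)  # KeyError on reuse or unknown code
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != challenge:
            raise ValueError("PKCE verifier does not match challenge")
        now = int(time.time())
        claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": sub, "nonce": nonce,
                  "iat": now, "exp": now + 300}
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64url(json.dumps(claims).encode())
        sig = hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return {"access_token": secrets.token_urlsafe(16), "id_token": f"{header}.{body}.{b64url(sig)}"}


def verify_id_token(id_token, expected_nonce, now=None):
    """Signature, then iss / aud / exp / nonce. Reject before reading sub."""
    header, body, sig = id_token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    expected = hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (replayed ID token)")
    return claims


class AuthService:
    """Relying-party side: /authorize redirect and /callback handling."""

    def __init__(self, provider):
        self.provider = provider
        self.pending = {}  # state -> (nonce, code_verifier); Redis or a signed cookie in practice

    def start_login(self):
        state, nonce, verifier = (secrets.token_urlsafe(16) for _ in range(3))
        self.pending[state] = (nonce, verifier)
        challenge = b64url(hashlib.sha256(verifier.encode()).digest())
        return {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                "scope": "openid", "state": state, "nonce": nonce,
                "code_challenge": challenge, "code_challenge_method": "S256"}

    def callback(self, redirect_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        if q.get("state") not in self.pending:
            raise ValueError("unknown state (CSRF or replayed callback)")
        nonce, verifier = self.pending.pop(q["state"])  # one shot
        tokens = self.provider.token(q["code"], verifier, CLIENT_SECRET)
        return verify_id_token(tokens["id_token"], nonce)["sub"]


def demo_login(user="alice"):
    idp, svc = StubProvider(), None
    svc = AuthService(idp)
    return svc.callback(idp.authorize(svc.start_login(), user))


def demo_tampered_state():
    """A callback carrying a state the Auth Service never issued must be rejected."""
    idp = StubProvider()
    svc = AuthService(idp)
    params = svc.start_login()
    forged = idp.authorize(params, "alice").replace(params["state"], "attacker-chosen-state")
    try:
        svc.callback(forged)
    except ValueError:
        return True
    return False
```

The two values the Auth Service generates per login, `state` and `nonce`, bind the callback and the ID token to the browser session that started the flow; the PKCE verifier binds the code to the same client. None of the three is trusted until it comes back and matches the pending record, which is popped so a second callback with the same state fails.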

Survey Data Access Flow (Client App + Auth App + Psephos)

```mermaid
sequenceDiagram
  participant ClientApp as Client App
  participant AuthApp as Auth Service
  participant Casbin
  participant Psephos

  ClientApp ->>  AuthApp: Request access_token with scopes (e.g. surveys:read) for a workspace
  AuthApp   ->>  Casbin: Evaluate policy (user, workspace, scopes)
  Casbin    -->> AuthApp: Policy decision (allow/deny per scope)
  AuthApp   -->> ClientApp: Issue access_token carrying only the allowed scopes
  ClientApp ->>  Psephos: API call with bearer token in the Authorization header
  Psephos   ->>  AuthApp: Validate token (introspect, or local cache bounded by the token's expiry)
  AuthApp   -->> Psephos: Confirmation (token active, scopes ok)
  Psephos   -->> ClientApp: Return survey data, after checking that the token's scope and workspace match the requested resource
```
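The validation step above, with the "introspect or via local cache" choice worked through, as an added example that is not code from the psephos project. `introspect()` stands in for the Auth Service's introspection endpoint (response shaped like RFC 7662: `active`, `sub`, `scope`, `exp`) and `TokenCache` for the Redis cache; the `workspace` field, the tokens and the fixed clock are constructed. The rule it demonstrates is that a cached "valid" answer must expire no later than the token itself, and a short cap bounds how long a revoked token keeps being accepted.

```python
"""Bearer-token validation on the Psephos side: introspect, then cache.

Added example, not code from the psephos project. introspect() stands in for
the Auth Service's introspection endpoint and TokenCache for Redis; the
workspace field, tokens and clock value (NOW) are constructed.
"""
import time

NOW = 1_700_000_000  # fixed clock so the walk-through is reproducible

# Constructed Auth Service state: opaque token -> introspection record
_TOKENS = {
    "tok-alice": {"active": True, "sub": "alice", "workspace": "ws-physics",
                  "scope": "surveys:read surveys:write", "exp": NOW + 3600},
    "tok-bob":   {"active": True, "sub": "bob", "workspace": "ws-physics",
                  "scope": "surveys:read", "exp": NOW + 3600},
    "tok-short": {"active": True, "sub": "erin", "workspace": "ws-physics",
                  "scope": "surveys:read", "exp": NOW + 20},
}
_REVOKED = set()
INTROSPECT_CALLS = [0]  # counter showing when the cache was bypassed


def introspect(token, now):
    """Stand-in for POST /introspect on the Auth Service."""
    INTROSPECT_CALLS[0] += 1
    rec = _TOKENS.get(token)
    if rec is None or token in _REVOKED or rec["exp"] <= now:
        return {"active": False}
    return dict(rec)


class TokenCache:
    """Positive-only cache of introspection results (Redis in the real deployment)."""
    CACHE_TTL = 60  # upper bound on how long a revocation can go unnoticed

    def __init__(self):
        self._entries = {}

    def get(self, token, now):
        hit = self._entries.get(token)
        if hit and hit["cache_until"] > now:
            return hit["rec"]
        self._entries.pop(token, None)
        return None

    def put(self, token, rec, now):
        # never let the cache entry outlive the token itself
        self._entries[token] = {"rec": rec,
                                "cache_until": min(now + self.CACHE_TTL, rec["exp"])}


def require_scope(token, scope, workspace, cache, now=None):
    """Return the subject if `token` is active and carries `scope` for `workspace`."""
    now = int(time.time()) if now is None else now
    rec = cache.get(token, now)
    if rec is None:
        rec = introspect(token, now)
        if not rec.get("active"):
            raise PermissionError("token inactive")  # negative answers are not cached
        cache.put(token, rec, now)
    if scope not in rec["scope"].split():
        raise PermissionError(f"token lacks scope {scope}")
    if rec["workspace"] != workspace:
        raise PermissionError("token is bound to a different workspace")
    return rec["sub"]


def _denied(*args):
    try:
        require_scope(*args)
    except PermissionError:
        return True
    return False


def walkthrough():
    """Exercise the cache rules with the constructed tokens; returns what each step observed."""
    cache = TokenCache()
    INTROSPECT_CALLS[0] = 0
    _REVOKED.clear()
    out = {}
    out["alice_write"] = require_scope("tok-alice", "surveys:write", "ws-physics", cache, NOW)
    out["alice_read_cached"] = require_scope("tok-alice", "surveys:read", "ws-physics", cache, NOW + 10)
    out["calls_after_two"] = INTROSPECT_CALLS[0]  # second call served from cache
    out["bob_write_denied"] = _denied("tok-bob", "surveys:write", "ws-physics", cache, NOW)
    out["alice_other_ws_denied"] = _denied("tok-alice", "surveys:read", "ws-chem", cache, NOW)
    out["short_ok"] = require_scope("tok-short", "surveys:read", "ws-physics", cache, NOW)
    out["short_expired_denied"] = _denied("tok-short", "surveys:read", "ws-physics", cache, NOW + 25)
    _REVOKED.add("tok-alice")
    out["revoked_but_cached"] = not _denied("tok-alice", "surveys:read", "ws-physics", cache, NOW + 50)
    out["revoked_after_ttl"] = _denied("tok-alice", "surveys:read", "ws-physics", cache, NOW + 61)
    return out


if __name__ == "__main__":
    for step, seen in walkthrough().items():
        print(f"{step}: {seen}")
```

Two of the observations are the ones to weigh when sizing the cache: `short_expired_denied` shows the expiry bound doing its job (the 20-second token is re-introspected at 25 seconds even though the cache TTL is 60), while `revoked_but_cached` shows the cost of caching at all: a revoked token is still accepted until its cache entry ages out. `CACHE_TTL` is therefore the revocation latency the system accepts; a pub/sub purge from the Auth Service on revocation can shorten it.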

Overall System Architecture (with Databases) – Mermaid Flow Diagram

```mermaid
flowchart TB
    AuthApp[Auth Service]
    Casbin[Casbin policy engine]
    DB_Casbin[(Policy and role-assignment rules <br> e.g. PostgreSQL)]
    Redis["Redis cache (tokens, sessions)"]
    Users[Users, Groups, Workspaces, Orgs DB]
    psephos[Survey Engine psephos]
    mongoDB[(Polls and Responses <br> e.g. MongoDB)]
    OIDC((OIDC Provider))
    ClientApp[UniPoll]

    User{User} --> ClientApp
    ClientApp --- psephos
    ClientApp --- AuthApp
    psephos --- mongoDB
    psephos ---- AuthApp

    AuthApp --- OIDC
    AuthApp --- Casbin
    Casbin --- DB_Casbin
    AuthApp --- Redis
    AuthApp --- Users
```