|
1 | | -# cad-server |
| 1 | +# Google Club Unified Access System (UAS) - Central Authentication Service (CAS) |
| 2 | + |
| 3 | +## Overview |
| 4 | + |
| 5 | +The **Central Authentication Service (CAS)** is a key component of the Google Club Unified Access System (UAS), responsible for handling authentication through JWT (JSON Web Token) tokens and ensuring secure token-based user access across the Google Club ecosystem. By managing authentication in a centralized and efficient manner, CAS simplifies and secures user interactions with Google Club services. |
| 6 | + |
| 7 | +## Core Responsibilities |
| 8 | + |
| 9 | +### Authentication |
| 10 | +- **Token Generation**: Provides a secure JWT token for user authentication. |
| 11 | +- **Token Verification**: Verifies JWT tokens to ensure users are authenticated and authorized to access resources. |
| 12 | +- **Cached Authorities**: Quickly retrieves and verifies user authorities for low-latency authentication and minimizes database load through caching. |
| 13 | + |
| 14 | +### Cache Management |
| 15 | +- **Authority Caching**: Stores user authorities to optimize performance and reduce database queries. |
| 16 | +- **Cache Control**: Allows for selective clearing of cached data for individual accounts or all accounts, providing flexible cache management. |
| 17 | + |
| 18 | +## Technologies |
| 19 | + |
| 20 | +The CAS is built with **Express.js**, a lightweight and efficient framework ideal for handling high-performance authentication tasks in a centralized system. By leveraging this technology, CAS offers responsive authentication and supports seamless integration with other UAS components. |
| 21 | + |
| 22 | +## API Endpoints |
| 23 | + |
| 24 | +### General Purpose |
| 25 | +- `GET /health-check`: Performs a health check for the CAS service, ensuring it is running and responsive. |
| 26 | + |
| 27 | +### Cache Management |
| 28 | +- `GET /get-all-accounts-ids-in-cache`: Retrieves all cached account IDs. |
| 29 | +- `GET /get-account-cached-authorities`: Retrieves cached authorities for a specific account. |
| 30 | +- `DELETE /clear-all-accounts-cache`: Clears the cache for all accounts, refreshing stored authorities. |
| 31 | +- `DELETE /clear-account-cache`: Clears the cache for a specific account, allowing updated authorities to be retrieved on the next access. |
| 32 | + |
| 33 | +### Authentication Management |
| 34 | +- `POST /generate-jwt-token`: Generates a JWT token for user login. |
| 35 | +- `GET /get-authorities`: Retrieves the authorities assigned to an account. |
| 36 | +- `GET /verify-token`: Verifies the validity of a JWT token, confirming user authentication status. |
| 37 | + |
| 38 | +## System Communication |
| 39 | + |
| 40 | +The **CAS** communicates seamlessly with other components within the UAS, particularly the **Identity Control Service (ICS)** and the **Accounts Database**. This integration supports real-time updates, allowing CAS to serve as the authentication backbone for all Google Club services and ensuring a secure, scalable environment. |
| 41 | + |
| 42 | +## How CAS Fits into the Google Club Unified Access System |
| 43 | + |
| 44 | +CAS is an integral part of the UAS architecture: |
| 45 | +- Provides a centralized solution for authentication across the Google Club ecosystem. |
| 46 | +- Enhances security and performance through JWT tokens and caching mechanisms. |
| 47 | +- Reduces redundant authentication logic across applications, allowing developers to focus on core features. |
| 48 | + |
| 49 | +## Current Maintainer |
| 50 | + |
| 51 | +- **Wassim Rached** is responsible for overseeing the development and management of the CAS component within the Google Club UAS. |
| 52 | + |
| 53 | +--- |
| 54 | + |
| 55 | +The **Central Authentication Service (CAS)** offers a secure and scalable solution for authentication across Google Club applications, facilitating efficient and consistent access management within the UAS ecosystem. |
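Review bot: The API Endpoints section (new lines 22-36) lists `DELETE /clear-all-accounts-cache`, `DELETE /clear-account-cache` and `POST /generate-jwt-token` without saying who may call them or how the caller is authenticated. Please document the access control for each route, or state that they are reachable only by other UAS components. The same section gives no request parameters, so it is unclear how `GET /get-account-cached-authorities` and `DELETE /clear-account-cache` identify the account, or how `GET /verify-token` receives the token; an Authorization header is preferable to a query string, which tends to end up in access logs. Under Core Responsibilities, the caching bullets say nothing about token lifetime or how long cached authorities remain valid after they change in the Accounts Database. A sentence on expiry and invalidation would tell integrators how stale an authorization decision can be.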