User sign-in
| ID | sign-in |
|---|---|
| Description | How a browser request authenticates across the reverse proxy, Studio, Keycloak, and the realtime server. |
| Key | sign-in |
100%
Steps
Workflow steps
| Number | Source | Destination | Description |
|---|---|---|---|
| 1 | Browser | Reverse Proxy | Open Studio (no session) |
| 2 | Reverse Proxy | IOModel Studio | Forward request |
| 3 | IOModel Studio | Browser | Redirect to Keycloak |
| 4 | Browser | Reverse Proxy | Follow auth redirect |
| 5 | Reverse Proxy | Keycloak | Route to identity provider |
| 6 | Keycloak | Browser | Login form |
| 7 | Browser | Keycloak | Submit credentials |
| 8 | Keycloak | Browser | Auth code + SSO cookie |
| 9 | Browser | Reverse Proxy | Callback with auth code |
| 10 | Reverse Proxy | IOModel Studio | Forward callback |
| 11 | IOModel Studio | Keycloak | Exchange code for tokens |
| 12 | Keycloak | IOModel Studio | ID and access tokens |
| 13 | IOModel Studio | Browser | App session established |
| 14 | Browser | Reverse Proxy | Open realtime document |
| 15 | Reverse Proxy | IOModel Studio | Request WebSocket token |
| 16 | IOModel Studio | Yjs Realtime Server | Mint short-lived WS token |
| 17 | IOModel Studio | Browser | WS token |
| 18 | Browser | Yjs Realtime Server | Connect over WebSocket (token) |
| 19 | Yjs Realtime Server | Browser | Realtime sync started |