Skip to content

Latest commit

 

History

History
70 lines (52 loc) · 4.05 KB

README.md

File metadata and controls

70 lines (52 loc) · 4.05 KB

Beacon v2.x

This repository is an implementation of the Beacon v2.0 Model and contains:

  • The (Python 3.9+) source code for beacon,
  • A MongoDB database with sample data to demo the capabilities of the Beacon API.
  • AAI and LS-AAI integrated. For LS-AAI, gdi ls aai mock repository is required to be up and running in another docker compose service, and then you will need to create this external network:
docker network create my-app-network

Local deployment instructions

LifeScience Authentication and Authorisation

Managing permissions

There are three levels of datasets security: PUBLIC, REGISTERED AND CONTROLLED. If you wish to make a dataset PUBLIC, just add it in the list of the public_datasets.yml file. If you wish to make a dataset REGISTERED, add it to all the users' permissions list in the permissions.yml file. If you wish to make a dataset CONTROLLED, add it only to the users that have rights to access the dataset in their list of dataset permissions in the permissions.yml file. Please, bear in mind that the name of the user has to be the same that you used when creating the user in LS.

Creating your service registry

In order to auhenticate your Beacon users with LS, you will need to create a service registry to provide a Client for your users authentication. Go to this link https://services.aai.lifescience-ri.eu/spreg/ and creahe the service registry for your Beacon.

Setting up Client ID and Secret ID for LS AAI

Located at permissions directory, you will need to create an .env file with the next bash command:

touch .env

Inside this file, you will need to add the CLIENT SECRET and CLIENT ID keys for your LS AAI Registry service, like this:

CLIENT_SECRET='your_client_secret'
CLIENT_ID='your_client_id'

Authentication flow with LS AAI

First, log in with LS in the LS page. After having logged in, you will need to get the authorization code following LS-AAI authorization flow method with a browser pasting the next link (modifying the link with your client id) https://login.elixir-czech.org/oidc/auth/authorize?response_type=code&client_id=pasteyourclientidhere. Then, you will need to keep this code and also get your registry service client id and client secret key and then pass the three variables via the next POST request to get the authorization token:

curl --location --request POST 'https://login.elixir-czech.org/oidc/token' \--header 'Content-Type: application/x-www-form-urlencoded' \--data-urlencode 'grant_type=authorization_code' \--data-urlencode 'code=paste_your_authorization_code_here' \--data-urlencode 'client_id=paste_your_client_id_here' \--data-urlencode 'client_secret=paste_your_client_secret_here' \--data-urlencode 'scope=openid' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:refresh_token'

When you have your authorization token, pass it in a header in your POST request to get your authenticated response.

Beacon ready for Beacon Network

In order to add your beacon to the Beacon Network, please modify the file conf.py inside beacon folder and edit these variables with your beacon's info:

beacon_id = 'org.ega-archive.ga4gh-approval-beacon-test'  # ID of the Beacon
beacon_name = 'GA4GH Approval Beacon Test'  # Name of the Beacon service
api_version = 'v2.0.0'  # Version of the Beacon implementation
uri = 'https://ega-archive.org/test-beacon-apis/cineca/'

Version notes

  • Fusions (mateName) are not supported.

Acknowlegments

We thank the CSC Finland team for their contribution with a python implementing of version 1. They, in turn, got help from members of NBIS and DDBJ.