Headless Mirrored Environment - Akumina Community

Headless Mirrored Environment


Purpose

The purpose of this topic is to provide an overview of the data and flows that are used in an Akumina “Headless Mirrored Environment”. This architecture is specific to the case where all users in the environment exist in a single Azure Active Directory.

Data and Authentication Flows

Standard JavaScript-based Front End

  1. Login credentials are authenticated by Azure AD.
  2. The JavaScript Framework accesses the Akumina Service Hub (ASH), at which time the user identity is passed to the application.
  3. ASH uses Single Sign-On (SSO) to request a resource token. ASH also requests the Graph API token. Azure AD returns the authorized resource token as well as the Graph API token (when applicable).
  4. ASH requests data through the Graph API and/or the SharePoint endpoint.
  5. The Graph API returns the requested data to ASH.
  6. The Graph API connection info/SharePoint data is passed to the Presentation Framework. This enables rendering and additional functionality in the front-end site, including authorized access to the AppManager application for content editors, admins, etc.

 

Headless MVC-based Front End

  1. Login credentials are authenticated by Azure AD.
  2. The MVC Framework accesses the Akumina Service Hub (ASH), at which time the user identity is passed to the application. ASH reads the user token to inspect the proper claims information.
  3. ASH uses the pre-configured service account to query data from the SharePoint REST endpoints. Service account credentials can be stored in Azure Key Vault for higher security.
  4. SharePoint data is returned to the front-end site.
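
Because step 3 of the MVC flow queries SharePoint with a service account rather than the user's own token, the claims check in step 2 is where ASH ties the request to a user. The following is an added example (not Akumina's code) of validating a token's signature and claims for a single-directory deployment. The tenant ID, audience, v2.0 issuer format and locally generated key pair are assumptions made so it runs offline.

```javascript
// Added example, not Akumina code. Tenant ID, audience and key pair are constructed.
const crypto = require('node:crypto');

const TENANT_ID = '00000000-0000-0000-0000-000000000001'; // placeholder tenant
const AUDIENCE = 'api://ash-example'; // hypothetical app ID URI for ASH
// Assumes Azure AD v2.0 tokens, whose issuer embeds the tenant ID.
const ISSUER = `https://login.microsoftonline.com/${TENANT_ID}/v2.0`;

const b64url = (text) => Buffer.from(text).toString('base64url');
const fromB64url = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Constructed signer standing in for Azure AD so the example runs offline.
// A real service would load the tenant's published signing keys instead.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function mintToken(claims, alg = 'RS256') {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Returns the claims when every check passes; throws with the reason otherwise.
function validateToken(token, key, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; the token header must not choose how it is verified.
  if (fromB64url(head).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = fromB64url(body);
  // Single-directory deployment: issuer and tenant are fixed values, not a list.
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (claims.tid !== TENANT_ID) throw new Error('wrong tenant');
  if (claims.aud !== AUDIENCE) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (typeof claims.nbf === 'number' && claims.nbf > now) throw new Error('not yet valid');
  return claims;
}

// Reason string instead of an exception, for logging or tests.
function check(token, key, now) {
  try { validateToken(token, key, now); return 'ok'; } catch (err) { return err.message; }
}
```

Only after `validateToken` returns should the service account be used, and the returned claims (not values supplied by the front end) should decide what data is fetched for that user.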