Authentication and Authorization Architecture

Purpose

Describe how OpenSESA enforces identity, session, MFA, and protected access across modules.

Auth Flow

```mermaid
flowchart LR
    User["User"] --> Login["Account Login Flow"]
    Login --> Session["Authenticated Session"]
    Session --> MFA["MFA Enforcement"]
    MFA --> Access["Authorized View Access"]
```

Enforcement Layers

  • account/auth routes
  • authentication middleware
  • login-required middleware
  • MFA-required middleware
  • view-level permission checks

Authorization Path

```mermaid
sequenceDiagram
    autonumber
    participant U as User
    participant MW as Auth Middleware
    participant V as View

    U->>MW: request
    MW->>MW: auth + mfa checks
    MW->>V: pass authorized request
    V-->>U: response or denial
```
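The enforcement layers and the authorization path above can be read as a single chain: authentication resolves the session to a user, login-required and MFA-required middleware deny or redirect before any view runs, and the view applies its own permission check last. The following is an added, framework-independent Python sketch of that chain (it is not OpenSESA's code; the session store, paths, permission name and the `Request`/`Response` types are constructed for illustration). It also shows why middleware order is a troubleshooting item: if login-required runs before authentication, every request looks anonymous and is bounced to the login page even with a valid session.

```python
"""Illustrative auth enforcement chain (added example, not the project's code).

Order, outermost first: authentication -> login-required -> MFA-required -> view permission.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class User:
    username: str
    mfa_enrolled: bool = False
    permissions: set = field(default_factory=set)

@dataclass
class Request:
    path: str
    session: dict = field(default_factory=dict)
    user: Optional[User] = None  # populated by the authentication middleware

@dataclass
class Response:
    status: int
    body: str

Handler = Callable[[Request], Response]

# Constructed session store: session id -> authenticated account (assumption, not real data).
SESSIONS = {
    "s-alice": User("alice", mfa_enrolled=True, permissions={"reports.view"}),
    "s-bob": User("bob", mfa_enrolled=False, permissions={"reports.view"}),
    "s-carol": User("carol", mfa_enrolled=True, permissions=set()),
}

# Hypothetical account/auth routes that must stay reachable without login or MFA.
PUBLIC_PATHS = {"/account/login/", "/account/mfa/setup/", "/account/mfa/verify/"}

def authentication_middleware(get_response: Handler) -> Handler:
    """Resolve the session id to a user; never denies on its own."""
    def mw(request: Request) -> Response:
        request.user = SESSIONS.get(request.session.get("session_id"))
        return get_response(request)
    return mw

def login_required_middleware(get_response: Handler) -> Handler:
    """Anonymous requests to protected paths are redirected to login."""
    def mw(request: Request) -> Response:
        if request.path in PUBLIC_PATHS or request.user is not None:
            return get_response(request)
        return Response(302, "redirect:/account/login/")
    return mw

def mfa_required_middleware(get_response: Handler) -> Handler:
    """Enrolled-but-unverified sessions go to verify; unenrolled accounts go to setup."""
    def mw(request: Request) -> Response:
        if request.path in PUBLIC_PATHS or request.user is None:
            return get_response(request)
        if not request.user.mfa_enrolled:
            return Response(302, "redirect:/account/mfa/setup/")
        if not request.session.get("mfa_verified"):
            return Response(302, "redirect:/account/mfa/verify/")
        return get_response(request)
    return mw

def permission_required(perm: str):
    """View-level guard: the last layer, applied after all middleware passed."""
    def decorator(view: Handler) -> Handler:
        def wrapped(request: Request) -> Response:
            if request.user is None or perm not in request.user.permissions:
                return Response(403, "forbidden")
            return view(request)
        return wrapped
    return decorator

@permission_required("reports.view")
def reports_view(request: Request) -> Response:
    return Response(200, f"reports for {request.user.username}")

def router(request: Request) -> Response:
    if request.path in PUBLIC_PATHS:
        return Response(200, "public account page")
    return reports_view(request)

# Listed outermost first, the way a middleware setting is usually written.
MIDDLEWARE = [authentication_middleware, login_required_middleware, mfa_required_middleware]
# Misordered variant: login-required runs before the user is resolved.
MISORDERED = [login_required_middleware, authentication_middleware, mfa_required_middleware]

def build_app(middleware=MIDDLEWARE) -> Handler:
    handler: Handler = router
    for factory in reversed(middleware):  # wrap innermost first
        handler = factory(handler)
    return handler

def handle(path: str, session: dict, middleware=MIDDLEWARE) -> Response:
    return build_app(middleware)(Request(path=path, session=dict(session)))
```

Run `handle("/reports/", {"session_id": "s-alice", "mfa_verified": True})` to walk the full path to a 200; drop `mfa_verified` to see the MFA redirect, use `s-bob` for the setup redirect, `s-carol` for the 403 from the view guard, and pass `middleware=MISORDERED` to reproduce a valid session being sent back to login.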

Troubleshooting Matrix

| Symptom | First Check | Likely Root Cause |
|---|---|---|
| login fails in one environment | host/csrf/security config | environment mismatch |
| MFA flow loops | middleware policy and account state | incomplete/incorrect MFA setup |
| unauthorized access on protected views | permission checks | missing guard in view path |

Useful commands while diagnosing:

```shell
docker compose run --rm app python manage.py check
docker compose logs -f app
```
Troubleshooting focus

Host/CSRF/security settings and middleware order are common root causes for auth failures.