Cogrion UI
The Cogrion UI is the tenant-facing web application — the primary interface through which tenants interact with the platform.
What It Does
The Cogrion UI is where tenants manage their day-to-day work: browsing the catalog, deploying applications, monitoring workspace resources, building dashboards, querying data, and accessing their running services.
It is not a thin wrapper over the API. The UI handles significant complexity: real-time resource state views, DAG visualisation, query building, dashboard authoring, and embedded access to cluster services — all within a single application.
Authentication Model
The Cogrion UI authenticates users via Keycloak. On first load, the user provides their organisation identifier, which the UI uses to select the correct Keycloak realm. From that point, authentication is handled by the Keycloak browser flow — the UI redirects to the Keycloak login page and receives tokens back on success.
Once authenticated, the user's access token is attached to all outbound requests. Role claims embedded in the token determine which parts of the UI are accessible.
→ See Authentication in the Cogrion UI for the full model.
How It Talks to Services
The Cogrion UI talks to two backends:
- The Control Plane directly — for all platform API calls (workspaces, stacks, catalog, plans).
- The BFF API — for everything related to cluster services (Airflow, JupyterHub, query engines, dashboards). The BFF handles token exchange so the UI never needs to manage backend-specific credentials.
Implementation
Repo:
oqullusStack: React 19, Vite, TypeScript, TailwindCSS
Go Deeper
- Security → Authentication in the Cogrion UI
- Tenant Platform → BFF API
- Core Platform → Keycloak