# ungleich-otp

The ungleich OTP service that allows you access to the ungleich micro
service infrastructure.

We are using

- nameko for internal communication
- django for the DB + admin interface

## Status

In development, pre production.

## Usage: WEB

- No user interface (UI) supported (?)
  -> idea is to keep flow logic in ungleich-dynamicweb

## Usage: BUS

### RPC: verify(appuuid, token, appuuidtoverify, tokentoverify)

Verify whether the requesting app is authenticated. This is only
allowed to be used for trusted appuuids.

Returns a JSON object:

Either

```
{
    status: "OK",
}
```

OR

```
{
    status: "FAIL",
}
```

## Usage: REST

- Use an existing token to connect to the service
- All REST based messages: JSON

### POST: /verify

Not sure if this one will be publicly available.

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token",
    appuuidtoverify: "appuuid that wants to be authenticated",
    tokentoverify: "current time based token of appuuidtoverify",
}
```

Response JSON object:

Either

```
{
    status: "OK",
}
```

OR

```
{
    status: "FAIL",
}
```

### POST /app/register

Register a new app. Returns an app ID.

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token",
    username: "user this app belongs to",
    appname: "name of your web app"
}
```

Response JSON object:

```
{
    status: "OK",
    appuuid: "UUID of your app",
}
```

OR

```
{
    status: "FAIL",
    error: "Reason for failure"
}
```

### GET /app

List all registered apps for the current user.

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token"
}
```

Response JSON object:

```
{
    status: "OK",
    apps: [
        {
            name: "name of your web app",
            appuuid: "UUID of your app",
        },
        {
            name: "name of your second web app",
            appuuid: "UUID of your second app",
        }
    ]
}
```

### GET /app/UUID

Get seed for APP to be used as a token

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token"
}
```

Response JSON object:

```
{
    status: "OK",
    seed: "seed of your app"
}
```

## Usage: OTP

The seeds that you receive can be used for TOTP to authenticate your
apps.

## Database

The database saves a list of appuuids with their seeds and the user
assignments as well as whether the appuuid might use the BUS interface.

Fields:

- appuuid (a random UUID)
- appname (name chosen by the user)
- username (who this appuuid belongs to)
- seed (a random base32 string)
- trusted (boolean, whether app is allowed to use the BUS and the verify method)

## Environment / Configuration

- POSTGRES_USERNAME
- SECRET_KEY -- random

## Random notes / stuff

django.db.backends.postgresql
django.contrib.admin

```
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'mydatabase',
        'USER': 'mydatabaseuser',
        'PASSWORD': 'mypassword',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}
```
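
An added example (not code from the ungleich-otp project) of how the base32 seeds from "Usage: OTP" and the `trusted` flag from "Database" could back the `verify` call. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), which this README does not specify; `APPS`, `totp` and `token_ok` are hypothetical names and the sample rows are constructed.

```python
import base64, hashlib, hmac, struct, time

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults; the README does not state them

def totp(seed_b32, at):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 seed at Unix time `at`."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def token_ok(seed_b32, token, at, drift=1):
    """Accept the current step and `drift` steps either side of it."""
    candidate = str(token).encode()
    return any(
        hmac.compare_digest(totp(seed_b32, at + d * STEP).encode(), candidate)
        for d in range(-drift, drift + 1)
    )

# Constructed sample rows mirroring the Database fields (appuuid, seed, trusted).
APPS = {
    "app-trusted": {"seed": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", "trusted": True},
    "app-client": {"seed": "JBSWY3DPEHPK3PXP", "trusted": False},
}

def verify(appuuid, token, appuuidtoverify, tokentoverify, at=None, apps=APPS):
    """Return the documented {status: OK|FAIL} object for a verify request."""
    at = time.time() if at is None else at
    caller, subject = apps.get(appuuid), apps.get(appuuidtoverify)
    ok = (
        caller is not None and subject is not None
        and caller["trusted"]  # only trusted appuuids may call verify
        and token_ok(caller["seed"], token, at)
        and token_ok(subject["seed"], tokentoverify, at)
    )
    return {"status": "OK" if ok else "FAIL"}
```

Unknown appuuids, untrusted callers and bad tokens all produce the same `FAIL` object, so the response does not reveal which check failed.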