ungleich-otp/README.md

# ungleich-otp

The ungleich OTP service that allows you access to the ungleich micro
service infrastructure.

We are using

- nameko for internal communication
- django for the DB + admin interface

## Status

In development, pre production.

## Usage: WEB

- No user interface (UI) supported (?)
  -> idea is to keep flow logic in ungleich-dynamicweb

## Usage: BUS

### RPC: verify(appuuid, token, appuuidtoverify, tokentoverify)

Verify whether the requesting app is authenticated. This is only
allowed to be used for trusted appuuids.

Returns a JSON object:

Either
```
{
    status: "OK"
}
```

OR

```
{
    status: "FAIL"
}
```



## Usage: REST

- Use an existing token to connect to the service
- All REST based messages: JSON

### POST: /verify

Not sure if this one will be publicly available.

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token",
    appuuidtoverify: "appuuid that wants to be authenticated",
    tokentoverify: "current time based token of appuuidtoverify",
}
```

Response JSON object:

Either
```
{
    status: "OK",
}
```

OR

```
{
    status: "FAIL",
}
```

### POST /app/register

Register a new app. Returns an app ID.

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token",
    username: "user this app belongs to",
    appname: "name of your web app"
}
```

Response JSON object:

```
{
    status: "OK",
    appuuid: "UUID of your app",
}
```

OR

```
{
    status: "FAIL",
    error: "Reason for failure"
}
```

### GET /app

List all registered apps for the current user.

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token"
}
```

Response JSON object:

```
{
    status: "OK",
    apps: [
        {
            name: "name of your web app"
            appuuid: "UUID of your app",
        },
        {
            name: "name of your second web app"
            appuuid: "UUID of your second app",
        }
    ]
}
```

### GET /app/UUID

Get seed for APP to be used as a token

Request JSON object:

```
{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token"
}
```

Response JSON object:

```
{
    status: "OK",
    seed: "seed of your app"
}
```


## Usage: OTP

The seeds that you receive can be used for TOTP to authenticate your
apps.


## Database

The database saves a list of appuuids with their seeds and the user
assignments as well as whether the appuuid might use the BUS interface.

Fields:

- appuuid (a random UUID)
- appname (name chosen by the user)
- username (who this appuuid belongs to)
- seed  (a random base32 string)
- trusted (boolean, whether app is allowed to use the BUS and the
  verify method)


## Environment / Configuration

- POSTGRES_USERNAME
- SECRET_KEY -- random

## Random notes / stuff

django.db.backends.postgresql
django.contrib.admin

```
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'mydatabase',
        'USER': 'mydatabaseuser',
        'PASSWORD': 'mypassword',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}
```