ungleich-otp/README.md

# ungleich-otp

The ungleich OTP service that allows you access to the ungleich micro
service infrastructure.

We are using

- nameko for internal communication
- django for the DB + admin interface

## Status

In development, pre production.

## Usage: WEB

- No user interface (UI) supported (?)
  -> idea is to keep flow logic in ungleich-dynamicweb

## Usage: BUS

### RPC: verify(appid, token, appidtoverify, tokentoverify)

Verify whether the requesting app is authenticated. This is only
allowed to be used for trusted appids.

### POST: /verify

Not sure if this one will be publicly available.

```
{
    version: "1",
    appid: "your-app-uuid",
    token: "current time based token",
    appidtoverify: "appid that wants to be authenticated",
    tokentoverify: "current time based token of appidtoverify",
}
```

## Usage: REST

- Use an existing token to connect to the service
- All REST based messages: JSON

### POST /app/register

Register a new app. Returns an app ID.

Request JSON object:

{
    version: "1",
    appid: "your-app-uuid",
    token: "current time based token",
    username: "user this app belongs to",
    appname: "name of your web app"
}

Response JSON object:

{
    appid: "UUID of your app",
}


### GET /app

List all registered apps for the current user.

Request JSON object:

{
    version: "1",
    appid: "your-app-uuid",
    token: "current time based token"
}

Response JSON object:

[
  {
    name: "name of your web app"
    appid: "UUID of your app",
  },
  {
    name: "name of your second web app"
    appid: "UUID of your second app",
  }
]


### GET /app/UUID

Get seed for APP to be used as a token

Request JSON object:

{
    version: "1",
    appid: "your-app-uuid",
    token: "current time based token"
}

Response JSON object:

{
    seed: "seed of your app"
}


## Usage: OTP

The seeds that you receive can be used for TOTP to authenticate your
apps.


## Database

The database saves a list of appids with their seeds and the user
assignments as well as whether the appid might use the BUS interface.

Fields:

- appname (name chosen by the user)
- appid (a random UUID)
- seed  (a random base32 string)
- username (who this appid belongs to)
- trusted (boolean, whether app is allowed to use the BUS)
Initial commit 2018-10-26 16:31:36 +00:00			`# ungleich-otp`

Add hacky/early version README 2018-10-26 17:22:17 +00:00			`The ungleich OTP service that allows you access to the ungleich micro`
			`service infrastructure.`

			`We are using`

			`- nameko for internal communication`
			`- django for the DB + admin interface`

Add status 2018-10-26 17:36:34 +00:00			`## Status`

			`In development, pre production.`

Add hacky/early version README 2018-10-26 17:22:17 +00:00			`## Usage: WEB`

			`- No user interface (UI) supported (?)`
			`-> idea is to keep flow logic in ungleich-dynamicweb`

++ API 2018-10-26 17:45:36 +00:00			`## Usage: BUS`

			`### RPC: verify(appid, token, appidtoverify, tokentoverify)`

			`Verify whether the requesting app is authenticated. This is only`
			`allowed to be used for trusted appids.`

			`### POST: /verify`

			`Not sure if this one will be publicly available.`

			```
			`{`
			`version: "1",`
			`appid: "your-app-uuid",`
			`token: "current time based token",`
			`appidtoverify: "appid that wants to be authenticated",`
			`tokentoverify: "current time based token of appidtoverify",`
			`}`
			```

			`## Usage: REST`
Add hacky/early version README 2018-10-26 17:22:17 +00:00
			`- Use an existing token to connect to the service`
			`- All REST based messages: JSON`

			`### POST /app/register`

			`Register a new app. Returns an app ID.`

Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`Request JSON object:`

			`{`
Extending API definition 2018-10-26 17:34:17 +00:00			`version: "1",`
Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`appid: "your-app-uuid",`
Extending API definition 2018-10-26 17:34:17 +00:00			`token: "current time based token",`
			`username: "user this app belongs to",`
			`appname: "name of your web app"`
Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`}`

			`Response JSON object:`

			`{`
			`appid: "UUID of your app",`
			`}`


Add hacky/early version README 2018-10-26 17:22:17 +00:00			`### GET /app`

			`List all registered apps for the current user.`

Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`Request JSON object:`

			`{`
Extending API definition 2018-10-26 17:34:17 +00:00			`version: "1",`
Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`appid: "your-app-uuid",`
			`token: "current time based token"`
			`}`

			`Response JSON object:`
Add hacky/early version README 2018-10-26 17:22:17 +00:00
Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`[`
			`{`
			`name: "name of your web app"`
			`appid: "UUID of your app",`
			`},`
			`{`
			`name: "name of your second web app"`
			`appid: "UUID of your second app",`
			`}`
			`]`


			`### GET /app/UUID`
Add hacky/early version README 2018-10-26 17:22:17 +00:00
			`Get seed for APP to be used as a token`

Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`Request JSON object:`

			`{`
Extending API definition 2018-10-26 17:34:17 +00:00			`version: "1",`
Begin to describe JSON objects 2018-10-26 17:31:18 +00:00			`appid: "your-app-uuid",`
			`token: "current time based token"`
			`}`

			`Response JSON object:`

			`{`
			`seed: "seed of your app"`
			`}`

Add hacky/early version README 2018-10-26 17:22:17 +00:00
++ API 2018-10-26 17:45:36 +00:00
Add hacky/early version README 2018-10-26 17:22:17 +00:00			`## Usage: OTP`

			`The seeds that you receive can be used for TOTP to authenticate your`
			`apps.`


			`## Database`

			`The database saves a list of appids with their seeds and the user`
			`assignments as well as whether the appid might use the BUS interface.`

			`Fields:`

			`- appname (name chosen by the user)`
			`- appid (a random UUID)`
			`- seed (a random base32 string)`
			`- username (who this appid belongs to)`
			`- trusted (boolean, whether app is allowed to use the BUS)`