The ungleich OTP service
Find a file
2018-10-26 22:00:56 +02:00
ungleichotp + otpauth in settings 2018-10-26 22:00:56 +02:00
.gitignore Update .gitignore and README 2018-10-26 22:00:47 +02:00
nameko1.py OTP get seed && verify token 2018-10-26 18:30:15 +02:00
README.md Update .gitignore and README 2018-10-26 22:00:47 +02:00
requirements.txt Add versions to requirements 2018-10-26 21:30:55 +02:00

ungleich-otp

The ungleich OTP service that allows you access to the ungleich micro service infrastructure.

We are using

  • nameko for internal communication
  • django for the DB + admin interface

Status

In development, pre production.

Usage: WEB

  • No user interface (UI) supported (?) -> idea is to keep flow logic in ungleich-dynamicweb

Usage: BUS

RPC: verify(appuuid, token, appuuidtoverify, tokentoverify)

Verify whether the requesting app is authenticated. This is only allowed to be used for trusted appuuids.

Returns a JSON object:

Either

{
    status: "OK"
}

OR

{
    status: "FAIL"
}

Usage: REST

  • Use an existing token to connect to the service
  • All REST based messages: JSON

POST: /verify

Not sure if this one will be publicly available.

Request JSON object:

{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token",
    appuuidtoverify: "appuuid that wants to be authenticated",
    tokentoverify: "current time based token of appuuidtoverify",
}

Response JSON object:

Either

{
    status: "OK",
}

OR

{
    status: "FAIL",
}

POST /app/register

Register a new app. Returns an app ID.

Request JSON object:

{ version: "1", appuuid: "your-app-uuid", token: "current time based token", username: "user this app belongs to", appname: "name of your web app" }

Response JSON object:

{
    status: "OK",
    appuuid: "UUID of your app",
}

OR

{
    status: "FAIL",
    error: "Reason for failure"
}

GET /app

List all registered apps for the current user.

Request JSON object:

{ version: "1", appuuid: "your-app-uuid", token: "current time based token" }

Response JSON object:

{
    status: "OK",
    apps: [
        {
            name: "name of your web app"
            appuuid: "UUID of your app",
        },
        {
            name: "name of your second web app"
            appuuid: "UUID of your second app",
        }
    ]
}

GET /app/UUID

Get seed for APP to be used as a token

Request JSON object:

{
    version: "1",
    appuuid: "your-app-uuid",
    token: "current time based token"
}

Response JSON object:

{
    status: "OK",
    seed: "seed of your app"
}

Usage: OTP

The seeds that you receive can be used for TOTP to authenticate your apps.

Database

The database saves a list of appuuids with their seeds and the user assignments as well as whether the appuuid might use the BUS interface.

Fields:

  • appuuid (a random UUID)
  • appname (name chosen by the user)
  • username (who this appuuid belongs to)
  • seed (a random base32 string)
  • trusted (boolean, whether app is allowed to use the BUS and the verify method)

Environment / Configuration

  • POSTGRES_USERNAME
  • SECRET_KEY -- random

Random notes / stuff

django.db.backends.postgresql django.contrib.admin

DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'mydatabase', 'USER': 'mydatabaseuser', 'PASSWORD': 'mypassword', 'HOST': '127.0.0.1', 'PORT': '5432', } }