3.1 KiB
ungleich-otp
The ungleich OTP service that allows you access to the ungleich micro service infrastructure.
We are using
- nameko for internal communication
- django for the DB + admin interface
Status
In development, pre production.
Usage: WEB
- No user interface (UI) supported (?) -> idea is to keep flow logic in ungleich-dynamicweb
Usage: BUS
RPC: verify(appuuid, token, appuuidtoverify, tokentoverify)
Verify whether the requesting app is authenticated. This is only allowed to be used for trusted appuuids.
Returns a JSON object:
Either
{
status: "OK"
}
OR
{
status: "FAIL"
}
Usage: REST
- Use an existing token to connect to the service
- All REST based messages: JSON
POST: /verify
Not sure if this one will be publicly available.
Request JSON object:
{
version: "1",
appuuid: "your-app-uuid",
token: "current time based token",
appuuidtoverify: "appuuid that wants to be authenticated",
tokentoverify: "current time based token of appuuidtoverify",
}
Response JSON object:
Either
{
status: "OK",
}
OR
{
status: "FAIL",
}
POST /app/register
Register a new app. Returns an app ID.
Request JSON object:
{ version: "1", appuuid: "your-app-uuid", token: "current time based token", username: "user this app belongs to", appname: "name of your web app" }
Response JSON object:
{
status: "OK",
appuuid: "UUID of your app",
}
OR
{
status: "FAIL",
error: "Reason for failure"
}
GET /app
List all registered apps for the current user.
Request JSON object:
{ version: "1", appuuid: "your-app-uuid", token: "current time based token" }
Response JSON object:
{
status: "OK",
apps: [
{
name: "name of your web app"
appuuid: "UUID of your app",
},
{
name: "name of your second web app"
appuuid: "UUID of your second app",
}
]
}
GET /app/UUID
Get seed for APP to be used as a token
Request JSON object:
{
version: "1",
appuuid: "your-app-uuid",
token: "current time based token"
}
Response JSON object:
{
status: "OK",
seed: "seed of your app"
}
Usage: OTP
The seeds that you receive can be used for TOTP to authenticate your apps.
Database
The database saves a list of appuuids with their seeds and the user assignments as well as whether the appuuid might use the BUS interface.
Fields:
- appuuid (a random UUID)
- appname (name chosen by the user)
- username (who this appuuid belongs to)
- seed (a random base32 string)
- trusted (boolean, whether app is allowed to use the BUS and the verify method)
Environment / Configuration
- POSTGRES_USERNAME
- SECRET_KEY -- random
Random notes / stuff
django.db.backends.postgresql django.contrib.admin
DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'mydatabase', 'USER': 'mydatabaseuser', 'PASSWORD': 'mypassword', 'HOST': '127.0.0.1', 'PORT': '5432', } }