The ungleich OTP service
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

244 lines
3.7 KiB

4 years ago
# ungleich-otp
ungleich-otp is a full blown authentication and authorisation service
made for micro services.
The basic idea is that every micro service has a (long term) seed and
creates time based tokens (TOTP, RFCXXXX).
## Setup instructions ##
This is a standard django project and thus can be easily setup using
4 years ago
```
pip install -r requirements.txt
```
To bootstrap the application, you need your very first trusted seed to
access the application. You can generate it using
```
to be filled in
```
4 years ago
After that, you can run the application using
```
python manage.py runserver
```
The usual instructions on how to setup an https proxy should be followed.
4 years ago
## Realms ##
4 years ago
Access is granting/denied based on realms. There are two reserved
realms, all other realms can be used by the users:
4 years ago
* ungleich-admin: realm??
## Status ##
## Usage: REST ##
- Use an existing token to connect to the service
- All REST based messages: JSON
### POST: /verify
Request JSON object:
4 years ago
```
{
version: "1",
appuuid: "your-app-uuid",
token: "current time based token",
appuuidtoverify: "appuuid that wants to be authenticated",
tokentoverify: "current time based token of appuuidtoverify",
4 years ago
}
```
Response JSON object:
4 years ago
Either
4 years ago
```
{
status: "OK",
4 years ago
}
```
OR
4 years ago
```
{
status: "FAIL",
}
```
### POST /register
4 years ago
Register a new seed. Returns an app ID.
4 years ago
4 years ago
Request JSON object:
4 years ago
```
{
version: "1",
appuuid: "your-app-uuid",
4 years ago
token: "current time based token",
username: "user this app belongs to",
appname: "name of your web app"
4 years ago
}
```
4 years ago
Response JSON object:
```
{
status: "OK",
appuuid: "UUID of your app",
4 years ago
}
```
OR
```
{
status: "FAIL",
error: "Reason for failure"
4 years ago
}
```
### POST /app/register
Register a new app. Returns an app ID.
Request JSON object:
4 years ago
```
{
version: "1",
appuuid: "your-app-uuid",
token: "current time based token",
username: "user this app belongs to",
appname: "name of your web app"
}
4 years ago
```
Response JSON object:
```
{
status: "OK",
appuuid: "UUID of your app",
}
```
OR
```
{
status: "FAIL",
error: "Reason for failure"
}
```
### GET /app
List all registered apps for the current user.
Request JSON object:
4 years ago
```
{
version: "1",
appuuid: "your-app-uuid",
token: "current time based token"
}
4 years ago
```
Response JSON object:
4 years ago
```
{
status: "OK",
apps: [
{
name: "name of your web app"
appuuid: "UUID of your app",
},
{
name: "name of your second web app"
appuuid: "UUID of your second app",
}
]
}
4 years ago
```
### GET /app/UUID
Get seed for APP to be used as a token
Request JSON object:
4 years ago
```
{
version: "1",
appuuid: "your-app-uuid",
token: "current time based token"
}
4 years ago
```
Response JSON object:
4 years ago
```
{
4 years ago
status: "OK",
seed: "seed of your app"
}
4 years ago
```
4 years ago
## Usage: OTP
The seeds that you receive can be used for TOTP to authenticate your
apps.
## Database
The database saves a list of appuuids with their seeds and the user
assignments as well as whether the appuuid might use the BUS interface.
Fields:
- appuuid (a random UUID)
- appname (name chosen by the user)
- username (who this appuuid belongs to)
- seed (a random base32 string)
- trusted (boolean, whether app is allowed to use the BUS and the
verify method)
## Environment / Configuration
- POSTGRES_USERNAME
- SECRET_KEY -- random
## Random notes / stuff
django.db.backends.postgresql
django.contrib.admin
4 years ago
```
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'mydatabase',
'USER': 'mydatabaseuser',
'PASSWORD': 'mypassword',
'HOST': '127.0.0.1',
'PORT': '5432',
}
}
4 years ago
```